I have a intranet-based system running IIS5/6. We have a secure logon
feature whereby certain users can access restricted content. While most of
this is ASP pages, and thus we can control that, some of the content is
served directly as a PDF or plain html (automatically generated from
MSOffice!).
If a user discovers the location of this content, he access it directly
through the browser (bypassing the menus), which rather makes a mockery of
this concept of secure content!
I have seen one or two commercial ISAPI filters that can be used to prevent
this access, but I dont want to spend where I dont have to, especially when
I'm not entirely sure how they work.
Does anybody know of any other means by which I can achieve this? Free
utils/filters perhaps or maybe abother method I am not aware of?
As an aside, I've heard a few mumblings about .htaccess files, but the
information I have found so far involved password protecting directories on
Apache servers... Does anybody know where I can find more about using
..htaccess file. [I think I am going to need them for an IndexServer project
coming up]
Thanks.
Chris