tags:

views:

225

answers:

1
+2  Q: 

Password protect files on IIS without using NTFS file permission

We host online reports that a client will log into and view. The reports are ASP pages pulling the necessary numbers from a SQL Server database. The client's access details are managed by a table in the SQL Server too.

In the past we've had one or more PDF or other files that the client might also want to access from the online report. These were simply uploaded into a subfolder within the ASP files folder and linked to from the relevant ASP page.

If I wanted to protect those files to make sure that the user attempting to access them has logged in - is there a way to do this? I'm thinking that the file has to be stored in the database. How do others manage this?

+3  A: 

Putting the PDFs in the db is unnecessary. Instead, store the PDFs in a location outside of the web folder. Well away from public access. Create records in a DB for the locations of each PDF with an id number. Assuming you already have an authentication system for users in place, create another table which links the userid to the recordid of the pdf they have access to. From there it's a simple matter of creating a page which checks credentials against this access table, opening the file location provided by the db and response binarywriting it's contents. You can find several examples of doing this scattered about the web. However, ASP classic has this annoying habit of storing the entire file in ram while transferring it which EATS up resources like you wouldn't believe. I'd recommend using an ASP.Net script if at all possible. The code is much easier too 

Server.TransferFile()
Spencer Ruport  2009-05-14 16:30:35
Its not ASP Classic that stores the file in RAM (you can disable response buffering and chunk it to the client) however the only component that ubiquitously available to ASP in order to read a binary file is ADODB.Stream. Unfortunately that will often bring most if not all the file into memory.
AnthonyWJones  2009-05-15 11:52:47
Thanks Spencer - helped enormously
Dan  2009-05-22 09:19:14

related questions

IE6 security login (debugging via VirtualPC)
Asp.net Reinstalling a DLL into the GAC
Failed to load resources from resource file.
What does an IISReset do?
How do I secure a folder used to let users upload files?
VBScript/IIS - How do I automatically set ASP.NET version for a particular website
IIS 6/COM+ hangs
Web server farms with IIS ? Basic Infos
.NET 3.5 Service Pack 1 causes 404 pages on ASP.NET Web App
What Url rewriter do you use for ASP.Net?
Publishing to IIS - Best Practices
ASP.NET Proxy Application
PHP on IIS
How do I stop IIS7 dropping my cookies?
HTTPS in IIS 5.1
Best tool for performance testing ASP.NET
Alternative Hostname for an IIS web site for internal access only
SQL Server 2008 FileStream on a Web Server
Solutions for working with multiple branches in ASP.Net
Dual vs. Quadcore on a Webserver
PHP Error - Uploading a file
Visual Studio 2008 debugger already attached work-around
Linux shell equivalent on IIS
Bandwith throttling in IIS 6 by IP Address
Checklist for IIS 6/ASP.NET Windows Authentication?