Click to See Complete Forum and Search --> : ASP Security for Binary files
Dana Pellerin
08-07-2000, 01:35 PM
I have developed a simple security scheme that stores a cookie on the users
machine and then uses a small script at the top of each page to check that
cookie for authorization before serving the page. The problem I run into
is that I want to return a .PDF file to the client but obviously I can't
put my code into the file. How can I make sure that a user has access to
a certain .pdf (or any binary file for that matter) without resorting to
NTFS permissions?
Thanks
Dana
John Timney (MVP)
08-07-2000, 01:46 PM
All I can suggest is that you dont reinvent the wheel. - however, that said,
there is nothing to stop you keeping a small control list for the files you
want to restrict, then check it before delivering the file.
Regards
John Timney (MVP)
"Dana Pellerin" <ss_Whiplash@yahoo.com> wrote:
>
>I have developed a simple security scheme that stores a cookie on the users
>machine and then uses a small script at the top of each page to check that
>cookie for authorization before serving the page. The problem I run into
>is that I want to return a .PDF file to the client but obviously I can't
>put my code into the file. How can I make sure that a user has access to
>a certain .pdf (or any binary file for that matter) without resorting to
>NTFS permissions?
>
>Thanks
>
>Dana
Michael Howard
08-10-2000, 11:51 AM
How are you authenticating the clients? if you are using IIS you can use basic
over ssl/tls, digest, or certificate mapping over the internet and use acls,
or you can use windows auth on an intranet. if you ABSSOLUTELY cannot use
acls then you can use asp to look at the cookie and if it's valid use a response.write
and write the pdf file back to the user. it's messy, but it works.
Michael Howard
mikehow@microsoft.com
"Dana Pellerin" <ss_Whiplash@yahoo.com> wrote:
>
>I have developed a simple security scheme that stores a cookie on the users
>machine and then uses a small script at the top of each page to check that
>cookie for authorization before serving the page. The problem I run into
>is that I want to return a .PDF file to the client but obviously I can't
>put my code into the file. How can I make sure that a user has access to
>a certain .pdf (or any binary file for that matter) without resorting to
>NTFS permissions?
>
>Thanks
>
>Dana
devx.com
Copyright WebMediaBrands Inc. All Rights Reserved