ASP and User/Directory authentication


DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 3 of 3

Thread: ASP and User/Directory authentication

  1. #1
    Marco Benedetti Guest

    ASP and User/Directory authentication


    On a server I have 3 directories:
    1)a directory in which I store original images (JPG)
    2)a directory in which I store thumbnails
    3)a directory in which I store previews
    I built a database application (with user authentication) to browse the image
    catalogue. The user can also add images in a shopping basket. Now
    I would like to redirect the user to a page where he can download the images
    he has selected. I can do this but my problem is: how to secure the original
    files from beeing downloaded? This because I can read the path in the source
    of the HTML file and with a little imagination I can type the full path in
    the browser. I would like to manage all access rights with my own database
    application, not from the windows conventional security methods.
    Thank you.

  2. #2
    Q*bert Guest

    Re: ASP and User/Directory authentication


    Q*bert

    Don't allow access to the original files. At run time, create directory
    (after check out) and copy all the files desired to be downloaded to that
    directory, after the checkout is complete and files downloaded, delete the
    directory. (or do as a batch process each evening or something)

    This assumes:
    1) you have premission to create directories on the fly
    2) don't have a major concern about drive space.

    Hope this helps.
    Q*bert
    @(#*&$

    "Marco Benedetti" <marco.benedetti@bluewin.ch> wrote:
    >
    >On a server I have 3 directories:
    >1)a directory in which I store original images (JPG)
    >2)a directory in which I store thumbnails
    >3)a directory in which I store previews
    >I built a database application (with user authentication) to browse the

    image
    >catalogue. The user can also add images in a shopping basket. Now
    >I would like to redirect the user to a page where he can download the images
    >he has selected. I can do this but my problem is: how to secure the original
    >files from beeing downloaded? This because I can read the path in the source
    >of the HTML file and with a little imagination I can type the full path

    in
    >the browser. I would like to manage all access rights with my own database
    >application, not from the windows conventional security methods.
    >Thank you.



  3. #3
    Gene Guest

    Re: ASP and User/Directory authentication


    Do not allow direct access to the downloadable files, simply use an accessible
    ASP file to read the file and response.binarywrite the contents to the ouput
    stream. Be sure to construct the headers appropriately and finally use a
    meta tag to give it the correct filename for download.

    By using an ASP page in this manner you can fulfill your security aspects
    and allow a way to programatically allow access without unlimited download
    capabilities.



    "Marco Benedetti" <marco.benedetti@bluewin.ch> wrote:
    >
    >On a server I have 3 directories:
    >1)a directory in which I store original images (JPG)
    >2)a directory in which I store thumbnails
    >3)a directory in which I store previews
    >I built a database application (with user authentication) to browse the

    image
    >catalogue. The user can also add images in a shopping basket. Now
    >I would like to redirect the user to a page where he can download the images
    >he has selected. I can do this but my problem is: how to secure the original
    >files from beeing downloaded? This because I can read the path in the source
    >of the HTML file and with a little imagination I can type the full path

    in
    >the browser. I would like to manage all access rights with my own database
    >application, not from the windows conventional security methods.
    >Thank you.



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center