ASP Security for Binary files


DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 3 of 3

Thread: ASP Security for Binary files

  1. #1
    Dana Pellerin Guest

    ASP Security for Binary files


    I have developed a simple security scheme that stores a cookie on the users
    machine and then uses a small script at the top of each page to check that
    cookie for authorization before serving the page. The problem I run into
    is that I want to return a .PDF file to the client but obviously I can't
    put my code into the file. How can I make sure that a user has access to
    a certain .pdf (or any binary file for that matter) without resorting to
    NTFS permissions?

    Thanks

    Dana

  2. #2
    John Timney (MVP) Guest

    Re: ASP Security for Binary files


    All I can suggest is that you dont reinvent the wheel. - however, that said,
    there is nothing to stop you keeping a small control list for the files you
    want to restrict, then check it before delivering the file.

    Regards

    John Timney (MVP)


    "Dana Pellerin" <ss_Whiplash@yahoo.com> wrote:
    >
    >I have developed a simple security scheme that stores a cookie on the users
    >machine and then uses a small script at the top of each page to check that
    >cookie for authorization before serving the page. The problem I run into
    >is that I want to return a .PDF file to the client but obviously I can't
    >put my code into the file. How can I make sure that a user has access to
    >a certain .pdf (or any binary file for that matter) without resorting to
    >NTFS permissions?
    >
    >Thanks
    >
    >Dana



  3. #3
    Michael Howard Guest

    Re: ASP Security for Binary files


    How are you authenticating the clients? if you are using IIS you can use basic
    over ssl/tls, digest, or certificate mapping over the internet and use acls,
    or you can use windows auth on an intranet. if you ABSSOLUTELY cannot use
    acls then you can use asp to look at the cookie and if it's valid use a response.write
    and write the pdf file back to the user. it's messy, but it works.

    Michael Howard
    mikehow@microsoft.com


    "Dana Pellerin" <ss_Whiplash@yahoo.com> wrote:
    >
    >I have developed a simple security scheme that stores a cookie on the users
    >machine and then uses a small script at the top of each page to check that
    >cookie for authorization before serving the page. The problem I run into
    >is that I want to return a .PDF file to the client but obviously I can't
    >put my code into the file. How can I make sure that a user has access to
    >a certain .pdf (or any binary file for that matter) without resorting to
    >NTFS permissions?
    >
    >Thanks
    >
    >Dana



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center