DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 4 of 4

Thread: NT security and ASP

  1. #1
    John Rigsby Guest

    NT security and ASP


    I want to secure a directory from normal Internet users but make it accessible
    to certain users that have already logged in to my database driven application.
    Is it possible to set NT security for a user programmatically without having
    the browser show a basis authentication login?



    I assume NT challenge isn't valid in this situation since I need to associate
    this person with a local account that has certain permissions)?

    For example: User logs in to my application and I know that this user has
    permissions PLANSPONSOR setup as a user on the machine with access priviledges
    to a certain folder on the machine.

    If I can't would doing the following suffice: 1) make a directory without
    a virtual path that has IUSER_MACHINE permissions to read. 2) In my ASP I
    read this directory and show all the files 3) When user selects a link I
    BinaryWrite the files out to the browser. A casual internet user can't see
    the files because they can't enter in a directory but my ASP pages can since
    I know the physical path. The only hitch is can I get the files and serve
    them up in this manner? I don't prefer this because Im going to have to serve
    many web sites and come up with a shadow directory structure for each.


  2. #2
    Dan Zainea Guest

    Re: NT security and ASP


    "John Rigsby" <john.rigsby@corbel.com> wrote:
    >
    >I want to secure a directory from normal Internet users but make it accessible
    >to certain users that have already logged in to my database driven application.
    >Is it possible to set NT security for a user programmatically without having
    >the browser show a basis authentication login?
    >
    >
    >
    >I assume NT challenge isn't valid in this situation since I need to associate
    >this person with a local account that has certain permissions)?
    >
    >For example: User logs in to my application and I know that this user has
    >permissions PLANSPONSOR setup as a user on the machine with access priviledges
    >to a certain folder on the machine.
    >
    >If I can't would doing the following suffice: 1) make a directory without
    >a virtual path that has IUSER_MACHINE permissions to read. 2) In my ASP

    I
    >read this directory and show all the files 3) When user selects a link I
    >BinaryWrite the files out to the browser. A casual internet user can't see
    >the files because they can't enter in a directory but my ASP pages can since
    >I know the physical path. The only hitch is can I get the files and serve
    >them up in this manner? I don't prefer this because Im going to have to

    serve
    >many web sites and come up with a shadow directory structure for each.
    >



    Hi John,

    I have two solutions for your problem:

    1) If you use NTFS file system you can set the file access permissions for
    the files so that they can be accessed by the registered users only. If you
    use NTLM login, IIS will run the ASP pages under the security context of
    the authenticated user. The down side of this approach is that you will have
    to manage a large number of Windows accounts, map them to appropriate groups
    and give those groups permissions to access files on your file system. So,
    every time you add a new user you have to create a new NT account and add
    it to security groups.

    2) You can authenticate users against a database and have a COM object changing
    the security context of the authenticated users to a user account that has
    permissions to access the files using COM+ CoImpersonateClient interface.
    This way your ASP pages will run under IUSR_MACHINE security context, but
    you can switch the security context in your COM object to, say PLANSPONSOR
    user that is the only NT user having READ access to the files that you want
    to protect.

    Dan.


  3. #3
    Gene Black Guest

    Re: NT security and ASP

    You can also try ScriptX's FileSystemObject it allows you to set the user
    context in which to access files on the server.


    "John Rigsby" <john.rigsby@corbel.com> wrote in message
    news:398ee76b$1@news.devx.com...
    >
    > I want to secure a directory from normal Internet users but make it

    accessible
    > to certain users that have already logged in to my database driven

    application.
    > Is it possible to set NT security for a user programmatically without

    having
    > the browser show a basis authentication login?
    >
    >
    >
    > I assume NT challenge isn't valid in this situation since I need to

    associate
    > this person with a local account that has certain permissions)?
    >
    > For example: User logs in to my application and I know that this user has
    > permissions PLANSPONSOR setup as a user on the machine with access

    priviledges
    > to a certain folder on the machine.
    >
    > If I can't would doing the following suffice: 1) make a directory without
    > a virtual path that has IUSER_MACHINE permissions to read. 2) In my ASP I
    > read this directory and show all the files 3) When user selects a link I
    > BinaryWrite the files out to the browser. A casual internet user can't see
    > the files because they can't enter in a directory but my ASP pages can

    since
    > I know the physical path. The only hitch is can I get the files and serve
    > them up in this manner? I don't prefer this because Im going to have to

    serve
    > many web sites and come up with a shadow directory structure for each.
    >




  4. #4
    Michael Howard Guest

    Re: NT security and ASP


    the FSO built into ActiveScripting does this today - the asp page impersonates
    the user and then invokes the FSO - so FSO runs as the user. no magic needed!!

    "Gene Black" <geblack@att.net> wrote:
    >You can also try ScriptX's FileSystemObject it allows you to set the user
    >context in which to access files on the server.
    >
    >
    >"John Rigsby" <john.rigsby@corbel.com> wrote in message
    >news:398ee76b$1@news.devx.com...
    >>
    >> I want to secure a directory from normal Internet users but make it

    >accessible
    >> to certain users that have already logged in to my database driven

    >application.
    >> Is it possible to set NT security for a user programmatically without

    >having
    >> the browser show a basis authentication login?
    >>
    >>
    >>
    >> I assume NT challenge isn't valid in this situation since I need to

    >associate
    >> this person with a local account that has certain permissions)?
    >>
    >> For example: User logs in to my application and I know that this user

    has
    >> permissions PLANSPONSOR setup as a user on the machine with access

    >priviledges
    >> to a certain folder on the machine.
    >>
    >> If I can't would doing the following suffice: 1) make a directory without
    >> a virtual path that has IUSER_MACHINE permissions to read. 2) In my ASP

    I
    >> read this directory and show all the files 3) When user selects a link

    I
    >> BinaryWrite the files out to the browser. A casual internet user can't

    see
    >> the files because they can't enter in a directory but my ASP pages can

    >since
    >> I know the physical path. The only hitch is can I get the files and serve
    >> them up in this manner? I don't prefer this because Im going to have to

    >serve
    >> many web sites and come up with a shadow directory structure for each.
    >>

    >
    >



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center