B
Brian Madden
Hello Everyone,
This is sort of a followup to the protecting files question I asked earlier
today.
I would like to protect a file so that only certain users could download it
from my website. It would be very easy for me to simply use IIS Admin to
remove anonymous access to that file and to create a new account on the web
server and give those account credentials to my users. That would prohibit
people from directly accessing the file unless they knew the username and
password.
My question is this: Is there a way for me to write an ASP page that
"embeds" these logon credentials into a hyperlink to a page, or that
automatically logs a user on with hard-coded credentials?
What I'm thinking is that I can authenticate my users against my own app's
database, and then if successful I could perform a behind-the-scenes basic
Windows logon (with all users using the same Windows account) to actually
provide the file to the users. (In my case, my user accounts are stored in
SQL--they are not windows accounts.)
I'm pretty good at figuring out stuff for myself, but I'm not sure that I'm
searching on the right terms in Google and MSDN. What would I use to do what
I want to do?
My flow would look like this:
1. default.asp (has html form for credentials)
2. nextpage.asp (authenticates user to my DB and if successful, performs
Windows basic logon to authenticate the user to IIS with a generic account.
At this point we would switch over from "iusr_computername" to "user1" or
whatever generic name I pick)
3. Now that we're authenticated to IIS, the page could link to the
NTFS-permissioned files.
Using ASP to perform a basic windows logon in step 2 is the section I'm
having trouble with.
Thanks a million,
Brian
This is sort of a followup to the protecting files question I asked earlier
today.
I would like to protect a file so that only certain users could download it
from my website. It would be very easy for me to simply use IIS Admin to
remove anonymous access to that file and to create a new account on the web
server and give those account credentials to my users. That would prohibit
people from directly accessing the file unless they knew the username and
password.
My question is this: Is there a way for me to write an ASP page that
"embeds" these logon credentials into a hyperlink to a page, or that
automatically logs a user on with hard-coded credentials?
What I'm thinking is that I can authenticate my users against my own app's
database, and then if successful I could perform a behind-the-scenes basic
Windows logon (with all users using the same Windows account) to actually
provide the file to the users. (In my case, my user accounts are stored in
SQL--they are not windows accounts.)
I'm pretty good at figuring out stuff for myself, but I'm not sure that I'm
searching on the right terms in Google and MSDN. What would I use to do what
I want to do?
My flow would look like this:
1. default.asp (has html form for credentials)
2. nextpage.asp (authenticates user to my DB and if successful, performs
Windows basic logon to authenticate the user to IIS with a generic account.
At this point we would switch over from "iusr_computername" to "user1" or
whatever generic name I pick)
3. Now that we're authenticated to IIS, the page could link to the
NTFS-permissioned files.
Using ASP to perform a basic windows logon in step 2 is the section I'm
having trouble with.
Thanks a million,
Brian