Msg#: 3615179 posted 9:50 am on Mar 31, 2008 (gmt 0)
Hi, I have a website written in .asp where logged in users can download pdf and word documents, jpegs and so on. I have the normal user authentication on each page of the site that is users only, but I would like to know if it is possible to restrict access to the folder that contains the documents for download so that people who are not users can not gain access to the documents? Any pointers would be very much appreciated.
Msg#: 3615179 posted 1:22 pm on Mar 31, 2008 (gmt 0)
Thanks for that. I don't have any web pages in this folder at all - only documents. I really would like to protect the folder so that only users of the site can have access to the folder - but I don't know if this is possible.
Msg#: 3615179 posted 10:37 am on Apr 1, 2008 (gmt 0)
The .asp web pages of my site each have an 'authenticate user' section of code at the top of the page. When the user logs in successfully it starts a session with their username and their user access level. Each protected page checks to see that the sessions exist and that the users access level matches the access level required for the page, if not access is denied and they are bumped to a login page.
However when it comes to files - pdf's jpegs, word documents etc it is not possible for me to put this code into the item itself, or into the folder, so I am wondering if there is another way to protect the folder. I thought this might be possible with asp.net web.config file, but I understand this will not prevent access to .jpg or .pdf files. Someone could still paste the url of one of these files into a browser and access it whoever they are. I hope this helps, perhaps I am trying to attempt the impossible, or perhaps I have gone about it completely the wrong way?