homepage Welcome to WebmasterWorld Guest from 54.196.201.253
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

    
Restrict acces to .jpg .pdf files in folder
Lensa




msg:3615181
 9:50 am on Mar 31, 2008 (gmt 0)

Hi, I have a website written in .asp where logged in users can download pdf and word documents, jpegs and so on. I have the normal user authentication on each page of the site that is users only, but I would like to know if it is possible to restrict access to the folder that contains the documents for download so that people who are not users can not gain access to the documents? Any pointers would be very much appreciated.

 

surrealillusions




msg:3615247
 11:45 am on Mar 31, 2008 (gmt 0)

if your using cookies to login, you can check if the cookie exists for pages in those folders. if the cookie doesn't exist, send them to a login page.

As for the actual jpg's and pdf's, not so sure. You could place them in a folder where no-one can guess the name, and use htaccess to rewrite the url. Not sure how that would work though..

hope that helps

:)

Lensa




msg:3615310
 1:22 pm on Mar 31, 2008 (gmt 0)

Thanks for that. I don't have any web pages in this folder at all - only documents. I really would like to protect the folder so that only users of the site can have access to the folder - but I don't know if this is possible.

jtara




msg:3615410
 3:38 pm on Mar 31, 2008 (gmt 0)

I have the normal user authentication on each page of the site that is users only, but I would like to know if it is possible to restrict access to the folder that contains the documents for download

First, let me qualify that I know NOTHING of IIS (which I assume is the server you are using) or ASP - I use Apache.

I'm a bit confused here.

You say that you "have the normal user authentication on each page of the site that is users only".

I take that as meaning that you've been successful in making parts of your site off-limits except to logged-in users.

So, why not simply do exactly the same thing for the URLs for the pictures that you have done for the other members-only URLs?

What am I missing?

Lensa




msg:3616072
 10:37 am on Apr 1, 2008 (gmt 0)

Hi,

The .asp web pages of my site each have an 'authenticate user' section of code at the top of the page. When the user logs in successfully it starts a session with their username and their user access level. Each protected page checks to see that the sessions exist and that the users access level matches the access level required for the page, if not access is denied and they are bumped to a login page.

However when it comes to files - pdf's jpegs, word documents etc it is not possible for me to put this code into the item itself, or into the folder, so I am wondering if there is another way to protect the folder. I thought this might be possible with asp.net web.config file, but I understand this will not prevent access to .jpg or .pdf files. Someone could still paste the url of one of these files into a browser and access it whoever they are. I hope this helps, perhaps I am trying to attempt the impossible, or perhaps I have gone about it completely the wrong way?

mrscruff




msg:3627989
 9:07 am on Apr 16, 2008 (gmt 0)

Hello there,

Place all the files that you do not want the public to access in a folder out side of you 'www' folder. Then on the downloads page you can serve the item's using the file path in asp.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved