I have recently inherited a task that is growing more frustrating every minute. I will try, however, to get it done with the least amount of friction possible.
By "friction" I mean that I am not being given access to the web.config file from 'computer services'. What I am being asked to do is create a directory that is password protected. By what I know how to do, this would be extremely easy if I were given access to the web.config file. So according to what I don't know how to do, I am asking you -- You people out there in web-land -- Is there a 'satisfactory' method of protecting this directory using nothing but asp.net and access to MS SQL or Access 2000 database? If worse comes to worse, I am going to protect it using a web form and text files and tell them "you should have given me the tools I needed" when something goes wrong. -- But not really, my work ethic is too high to do something like that. Hence the "satisfactory" method I am seeking!
Thankful for your input!
-- Zak
Sorry to hear about your frustrations. Is it possible for them to set the (virtual) directory as an application in IIS? If so, you can have your own web.config specifically for that directory, and the other one can be left alone.
Other than that, I'd perhaps suggest a user control that you drop on every page in that dir that would handle permissions (by session cookies or whatnot).
Mark
Unless your hosting company is willing to set up the password protection then there's not much you can do.
If all your files in that directory are just ASP or ASP pages you can do it by baking your own password protection scripts on each page.
>I am being asked to do is create a directory that is password protected
This makes no sense. Why not go back to the client and bottom out the requirements before solving the problem - users, permissions etc.
Then you can create your own authentication cookie.
On page load, in every page, you need to check if the user is validated (SQL, Access):
if (!User.Identity.IsAuthenticated) // Name is never null for an anonymous user, so test IsAuthenticated
    Response.Redirect("login.aspx");
If not set, redirect to the login page, where you can check if the user exists in the database.
If the user exists and the password matches, set the user cookie:
string UserID = GetUserID(username, password); // gets userid from db
if (UserID != null)
    // set cookie
    FormsAuthentication.SetAuthCookie(UserID, true);
Another point is that if you have an index.* the contents won't be seen. In this case unless someone knows the exact file or directory name they won't be able to access it. In other words your file names would be kind of a password. Name them long and hard to guess.
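The per-page check and the login lookup suggested in the replies above can be written without touching web.config by keeping the login in Session state. This is an added example, not code from the thread; the Users table and its columns, the connection string placeholder, the "UserID" session key and the iteration count are assumptions, and the Rfc2898DeriveBytes overload used needs .NET Framework 4.7.2 or later.

```csharp
// Added example, not from the thread. Assumed names: table Users(UserName, UserID,
// Salt, PasswordHash), connection string Conn, session key "UserID".
using System;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.UI;

// Every page in the protected directory inherits this class instead of Page.
public class ProtectedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        if (Session["UserID"] == null)   // no login recorded; true ends the response here
            Response.Redirect("login.aspx?ReturnUrl=" + Server.UrlEncode(Request.RawUrl), true);
        base.OnInit(e);
    }
}

public static class Credentials
{
    const string Conn = "<connection string placeholder>";
    const int Iterations = 100000;       // assumed PBKDF2 work factor

    // Returns the user id, or null when the user is unknown or the password is wrong.
    public static string GetUserID(string username, string password)
    {
        using (var cn = new SqlConnection(Conn))
        using (var cmd = new SqlCommand(
            "SELECT UserID, Salt, PasswordHash FROM Users WHERE UserName = @u", cn))
        {
            cmd.Parameters.AddWithValue("@u", username);   // bound parameter, no string concatenation
            cn.Open();
            using (var r = cmd.ExecuteReader())
            {
                if (!r.Read()) return null;
                var salt = (byte[])r["Salt"];
                var stored = (byte[])r["PasswordHash"];    // PBKDF2 output saved at registration
                using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
                {
                    byte[] actual = kdf.GetBytes(stored.Length);
                    int diff = 0;                          // compare every byte, no early exit
                    for (int i = 0; i < stored.Length; i++) diff |= actual[i] ^ stored[i];
                    return diff == 0 ? r["UserID"].ToString() : null;
                }
            }
        }
    }
}
```

login.aspx stores the returned id in Session["UserID"] when GetUserID returns non-null, and should only follow a ReturnUrl that is a local path. Files in the directory that are not ASP.NET pages, such as images or documents, do not pass through this check.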