Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: mack
As for the actual jpg's and pdf's, not so sure. You could place them in a folder where no-one can guess the name, and use htaccess to rewrite the url. Not sure how that would work though..
hope that helps
I have the normal user authentication on each page of the site that is users only, but I would like to know if it is possible to restrict access to the folder that contains the documents for download
First, let me qualify that I know NOTHING of IIS (which I assume is the server you are using) or ASP - I use Apache.
I'm a bit confused here.
You say that you "have the normal user authentication on each page of the site that is users only".
I take that as meaning that you've been successful in making parts of your site off-limits except to logged-in users.
So, why not simply do exactly the same thing for the URLs for the pictures that you have done for the other members-only URLs?
What am I missing?
The .asp web pages of my site each have an 'authenticate user' section of code at the top of the page. When the user logs in successfully it starts a session with their username and their user access level. Each protected page checks to see that the sessions exist and that the users access level matches the access level required for the page, if not access is denied and they are bumped to a login page.
However when it comes to files - pdf's jpegs, word documents etc it is not possible for me to put this code into the item itself, or into the folder, so I am wondering if there is another way to protect the folder. I thought this might be possible with asp.net web.config file, but I understand this will not prevent access to .jpg or .pdf files. Someone could still paste the url of one of these files into a browser and access it whoever they are. I hope this helps, perhaps I am trying to attempt the impossible, or perhaps I have gone about it completely the wrong way?