
Restrict access to .jpg .pdf files in folder

     
9:50 am on Mar 31, 2008 (gmt 0)

New User

5+ Year Member

joined:Dec 6, 2006
posts:13
votes: 0


Hi, I have a website written in .asp where logged-in users can download PDF and Word documents, JPEGs and so on. I have the normal user authentication on each page of the site that is users only, but I would like to know if it is possible to restrict access to the folder that contains the documents for download so that people who are not users cannot gain access to the documents? Any pointers would be very much appreciated.
11:45 am on Mar 31, 2008 (gmt 0)

Preferred Member

5+ Year Member

joined:Dec 10, 2007
posts:507
votes: 0


If you're using cookies to log in, you can check if the cookie exists for pages in those folders. If the cookie doesn't exist, send them to a login page.

As for the actual JPGs and PDFs, not so sure. You could place them in a folder where no-one can guess the name, and use htaccess to rewrite the URL. Not sure how that would work though.

Hope that helps

:)

1:22 pm on Mar 31, 2008 (gmt 0)

New User

5+ Year Member

joined:Dec 6, 2006
posts:13
votes: 0


Thanks for that. I don't have any web pages in this folder at all - only documents. I really would like to protect the folder so that only users of the site can have access to the folder - but I don't know if this is possible.
3:38 pm on Mar 31, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


I have the normal user authentication on each page of the site that is users only, but I would like to know if it is possible to restrict access to the folder that contains the documents for download

First, let me qualify that I know NOTHING of IIS (which I assume is the server you are using) or ASP - I use Apache.

I'm a bit confused here.

You say that you "have the normal user authentication on each page of the site that is users only".

I take that as meaning that you've been successful in making parts of your site off-limits except to logged-in users.

So, why not simply do exactly the same thing for the URLs for the pictures that you have done for the other members-only URLs?

What am I missing?

10:37 am on Apr 1, 2008 (gmt 0)

New User

5+ Year Member

joined:Dec 6, 2006
posts:13
votes: 0


Hi,

The .asp web pages of my site each have an 'authenticate user' section of code at the top of the page. When the user logs in successfully it starts a session with their username and their user access level. Each protected page checks to see that the sessions exist and that the user's access level matches the access level required for the page; if not, access is denied and they are bumped to a login page.

However, when it comes to files (PDFs, JPEGs, Word documents, etc.) it is not possible for me to put this code into the item itself, or into the folder, so I am wondering if there is another way to protect the folder. I thought this might be possible with an ASP.NET web.config file, but I understand this will not prevent access to .jpg or .pdf files. Someone could still paste the URL of one of these files into a browser and access it whoever they are. I hope this helps; perhaps I am trying to attempt the impossible, or perhaps I have gone about it completely the wrong way?

9:07 am on Apr 16, 2008 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 22, 2008
posts:43
votes: 0


Hello there,

Place all the files that you do not want the public to access in a folder outside of your 'www' folder. Then on the downloads page you can serve the items using the file path in ASP.
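
The approach in the last reply, sketched as a classic ASP download handler. This is an added example, not code posted by anyone in the thread: it repeats the session check the protected pages already do, then streams the file from a folder IIS does not serve. The folder path, login URL, session key names, access level value and the `file` query parameter are all assumed placeholders.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' download.asp (added example). Assumed names: DOC_ROOT, LOGIN_URL,
' REQUIRED_LEVEL, Session("username"), Session("accesslevel"), ?file=
Const DOC_ROOT = "D:\private_docs\"   ' folder outside the web root (assumed)
Const LOGIN_URL = "/login.asp"        ' assumed login page
Const REQUIRED_LEVEL = "member"       ' assumed access level value
Const adTypeBinary = 1

Dim fso, stream, requested, fullPath, mime

' 1. Same gate as the protected pages: no matching session, no file.
If Session("username") = "" Or CStr(Session("accesslevel")) <> REQUIRED_LEVEL Then
    Response.Redirect LOGIN_URL       ' Redirect also stops the script
End If

' 2. Accept a bare file name only. Path separators, drive or stream colons
'    and quotes are rejected so the request cannot leave DOC_ROOT.
requested = CStr(Request.QueryString("file"))
If InStr(requested, "/") > 0 Or InStr(requested, "\") > 0 _
   Or InStr(requested, ":") > 0 Or InStr(requested, """") > 0 Then requested = ""

' 3. Allow-list of document types; anything else is treated as not found.
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Select Case LCase(fso.GetExtensionName(requested))
    Case "pdf": mime = "application/pdf"
    Case "jpg", "jpeg": mime = "image/jpeg"
    Case "doc": mime = "application/msword"
    Case Else: mime = ""
End Select
fullPath = DOC_ROOT & requested
If mime = "" Or Not fso.FileExists(fullPath) Then
    Response.Status = "404 Not Found"
    Response.End
End If

' 4. Stream the bytes; the browser never sees the real location on disk.
Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = adTypeBinary
stream.Open
stream.LoadFromFile fullPath
Response.ContentType = mime
Response.AddHeader "Content-Disposition", "attachment; filename=""" & requested & """"
Response.BinaryWrite stream.Read
stream.Close
%>
```

Links on the downloads page then point at `download.asp?file=report.pdf` rather than at the document's own URL, and the IIS worker account needs read access to the private folder.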