Restrict acces to .jpg .pdf files in folder

Forum Moderators: mack

Message Too Old, No Replies

Restrict acces to .jpg .pdf files in folder

Lensa

9:50 am on Mar 31, 2008 (gmt 0)

Hi, I have a website written in .asp where logged in users can download pdf and word documents, jpegs and so on. I have the normal user authentication on each page of the site that is users only, but I would like to know if it is possible to restrict access to the folder that contains the documents for download so that people who are not users can not gain access to the documents? Any pointers would be very much appreciated.

surrealillusions

11:45 am on Mar 31, 2008 (gmt 0)

if your using cookies to login, you can check if the cookie exists for pages in those folders. if the cookie doesn't exist, send them to a login page.

As for the actual jpg's and pdf's, not so sure. You could place them in a folder where no-one can guess the name, and use htaccess to rewrite the url. Not sure how that would work though..

hope that helps

Lensa

1:22 pm on Mar 31, 2008 (gmt 0)

Thanks for that. I don't have any web pages in this folder at all - only documents. I really would like to protect the folder so that only users of the site can have access to the folder - but I don't know if this is possible.

jtara

3:38 pm on Mar 31, 2008 (gmt 0)

I have the normal user authentication on each page of the site that is users only, but I would like to know if it is possible to restrict access to the folder that contains the documents for download

First, let me qualify that I know NOTHING of IIS (which I assume is the server you are using) or ASP - I use Apache.

I'm a bit confused here.

You say that you "have the normal user authentication on each page of the site that is users only".

I take that as meaning that you've been successful in making parts of your site off-limits except to logged-in users.

So, why not simply do exactly the same thing for the URLs for the pictures that you have done for the other members-only URLs?

What am I missing?

Lensa

10:37 am on Apr 1, 2008 (gmt 0)

Hi,

The .asp web pages of my site each have an 'authenticate user' section of code at the top of the page. When the user logs in successfully it starts a session with their username and their user access level. Each protected page checks to see that the sessions exist and that the users access level matches the access level required for the page, if not access is denied and they are bumped to a login page.

However when it comes to files - pdf's jpegs, word documents etc it is not possible for me to put this code into the item itself, or into the folder, so I am wondering if there is another way to protect the folder. I thought this might be possible with asp.net web.config file, but I understand this will not prevent access to .jpg or .pdf files. Someone could still paste the url of one of these files into a browser and access it whoever they are. I hope this helps, perhaps I am trying to attempt the impossible, or perhaps I have gone about it completely the wrong way?

mrscruff

9:07 am on Apr 16, 2008 (gmt 0)

Hello there,

Place all the files that you do not want the public to access in a folder out side of you 'www' folder. Then on the downloads page you can serve the item's using the file path in asp.