Re: Protect PDF files via ASP?

From: Tom Kaminski [MVP] ((A_at_T))
Date: 02/25/05 

Date: Fri, 25 Feb 2005 09:05:54 -0500

"Brian Madden" <brian@brianmadden.com> wrote in message
news:#vxUbtuGFHA.580@TK2MSFTNGP15.phx.gbl...
> Hello All,
>
> I have what I thought would be a simple problem although I've been
searching
> for a few hours with no luck.
>
> I have several PDF and MPG files I would like to provide to users to
> download via HTTP. I also have a database of user accounts. I would like
to
> protect the PDF and MPG files so that users cannot "save target as" or
"view
> source" to directly link to the files.
>
> My first thought is that I would have to remove anonymous access to these
> files and/or their parent folder within IIS. I was thinking that I could
> then create a Windows account called something like WebUsers and give it
> access to that folder. I'm hoping to write some ASP code that
authenticates
> my users against my own database and, if successful, logs them into IIS
via
> the WebUsers account (so that all my users share the same account).
>
> My problem is I cannot find an code or method or object to do this. Is
there
> some simple function that I can use to pass a username, pw, and domain to
> IIS to authenticate the user that would then carry through for them to be
> able to download non-ASP (PDF, etc.) content?
>
> Or, am I completely thinking about this the wrong way? It seems to me that
> this is something that would be fairly common.

To add to what Tim said ...

Put the files outside of the wwwroot path so there is no direct URL access
to them. In your ASP code, authenticate your users from your database and
then as appropriate use ADODB.Stream to Response.BinaryWrite the contents of
the PDF.

Here's an example with jpg, just chnage the relevant bits for PDF:
http://www.aspfaq.com/show.asp?id=2161 

-- 
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS

Relevant Pages

  • Re: Protect PDF files via ASP?
    ... >> my users against my own database and, if successful, logs them into IIS ... >> the WebUsers account. ... >> IIS to authenticate the user that would then carry through for them to be ... In your ASP code, authenticate your users from your database and ...
    (microsoft.public.inetserver.asp.general)
  • Re: Cant open network files from IIS 6 .net web apps
    ... configure the IIS AppPool to use this user ... create the same user on the file server ... button on a web form to stream a pdf file to the browser with the pdf ... How do you add the webserver ASP.NET account to the network fileserver ...
    (microsoft.public.dotnet.security)
  • Re: Protect PDF files via ASP?
    ... You can use an ADO Sttream object to do this: ... > I have several PDF and MPG files I would like to provide to users to ... > these files and/or their parent folder within IIS. ... logs them into IIS via the WebUsers account (so that all ...
    (microsoft.public.inetserver.asp.general)
  • Protect PDF files via ASP?
    ... I have several PDF and MPG files I would like to provide to users to ... files and/or their parent folder within IIS. ... the WebUsers account. ...
    (microsoft.public.inetserver.asp.general)
  • Re: IIS6 - How? Force Anonymous and impersonation
    ... >I'm not sure what settings you are talking about, but IIS ... >much just like IIS 5 with regard to impersonation. ... >> possible to force all Users to authenticate as ... >> the User with a specified User account which is not ...
    (microsoft.public.inetserver.iis.security)
Quantcast