Re: Securing files on IIS

From: Brad Kingsley (bklists_at_orcsweb.com)
Date: 09/11/04


Date: Sat, 11 Sep 2004 19:23:11 -0400

How about placing all those files in a secure location (denied HTTP or even
outside the web root) and then, when an authenticated user requests a file,
streaming it out to them?

-- 
~Brad Kingsley
Microsoft MVP - ASP/.Net
Windows 2000 MCSE
http://www.orcsweb.com/
Powerful Web Hosting Solutions
#1 in Service and Support
"Gopi" <gopi_vs2@hotmail.com> wrote in message 
news:2477d20e.0409111509.624be874@posting.google.com...
> Hi,
>
> How should I secure the files (EXE, PDF, ZIP, PPT) on a form
> authentication based website? I am using simple ASP/SQL to authenticate.
> I have a validation script running on all the ASP pages on the
> website, which redirects an unauthorized user to the login page. But
> how should I set up the same for the EXE, PDF, ZIP, PPT, etc. files? I
> do not want the ASP.NET/web.config related method.
>
> I do know about the Windows authentication that can be augmented to a
> particular folder containing all the related files. But I would like
> to use the same form authentication on the website to secure the
> files. I mean, a single point of authentication for the website as
> well as the files on the server. I want the anonymous user to be
> redirected to the login page when he keys in the URL of the file
> directly in the browser (say, he should be directed to the login page
> if he keys in something like: http://vgopi2.site.com/important.exe)
>
> I think this can be done with an ISAPI filter, but I need the details.
>
> Gopi 
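
The approach suggested in the reply, written as a classic ASP page (an added example, not code from the thread). The page name download.asp, the Session("UserID") login flag, /login.asp and the D:\SecureFiles directory are assumptions; the folder must sit outside the web root or be denied to HTTP so the files are reachable only through this script.

```asp
<%@ Language="VBScript" %><% Option Explicit
' download.asp?file=report.pdf  (added example; all names are assumptions)
' Directive and script share line 1 so no stray newline precedes the file body.
Const STORE_DIR = "D:\SecureFiles\"   ' assumed folder outside the web root
Const CHUNK_SIZE = 65536
Const adTypeBinary = 1
Dim fileName, re, fso, fullPath, stream
Response.Buffer = True

' 1. Same gate as the other ASP pages: Session("UserID") is assumed to be
'    set by the login script after a successful ASP/SQL check.
If IsEmpty(Session("UserID")) Then
    Response.Redirect "/login.asp"
    Response.End
End If

' 2. Accept only a bare file name with an allowed extension, so the
'    parameter cannot carry "..\" or a drive/UNC path out of STORE_DIR.
fileName = Request.QueryString("file") & ""
Set re = New RegExp
re.IgnoreCase = True
re.Pattern = "^[a-z0-9_\-]+\.(exe|pdf|zip|ppt)$"
If Not re.Test(fileName) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

fullPath = STORE_DIR & fileName
Set fso = Server.CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(fullPath) Then
    Response.Status = "404 Not Found"
    Response.End
End If

' 3. Stream the file in chunks. (LoadFromFile reads the whole file into
'    memory first, which matters for very large downloads.)
Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = adTypeBinary
stream.Open
stream.LoadFromFile fullPath
Response.ContentType = "application/octet-stream"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & fileName & """"
Response.AddHeader "Content-Length", CStr(stream.Size)
Do While Not stream.EOS And Response.IsClientConnected
    Response.BinaryWrite stream.Read(CHUNK_SIZE)
    Response.Flush
Loop
stream.Close
%>
```

Links on the site then point at download.asp?file=... instead of the file itself, so a direct request for the file URL finds nothing to serve.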

