Hi,

Suppose I have a link to /stuff/test.zip, i only want this file accessible if a valid session has been detected for access rights.

Could someone please tell me where to look for answers as I do not want to implement download.asp?file=test.zip or similar.

The html source must be <a href=/stuff/test.zip>Download</a> to which i must validate the user.

Thanks.

What is the condition of the access rights - and when do you validate ?

Change the file acess from iuser to a newly created user for that file only, then when some1 hits the link they will get a windows logon box, thus is they know the uname and pass wamo they have the file if not, they get a not authorized page

their is a user's table, to which if the user does not have a valid session which is created through a login page then they are redirected back to the login page.

Do you have a session object that establishes permission level based on login ? If so, you can use this session object to enable/disable the link.

If I understand the question correctly wouldn't you have to build something to intercept all HTTP requests and if that http request is pointing to a downloadable file (perhaps identified by being in a particular directory) the check a db or something for a valid session.

Yeah?

That is the question yes, I don't have any session(s) / objects already created I'm trying to identify how this would be done. Below is a simple process of events that would happen.

New user/

1. root/test/files.zip
2. new session thus redirect root/login.asp?redirect=test/files.zip
3. visits root/various.index.html
4. root/test/files2.zip
5. files2.zip downloaded as session already created.

Thanks.

so basically you are talking some kind of isapi dll from my understanding of what these things do.... which I admit is very limited....

You have 2 choices - isapi filter or isapi server extension.

filter - will run for every url - use this if you want to check every url submitted.
server extension - runs only when invoked - specific to that particular url - e.g. http://www.mywebsite.com/runthis.dll? - allows you to create a customized download functionality. Put the files a non-iis directory while allowing the dll access based on authorization.

Have you developed in ms vc++ or delphi ?