Results 1 to 10 of 10
  1. #1
    Join Date
    Sep 2003
    Location
    The extremely Royal borough of Kensington, London
    Posts
    778

    Unanswered: Authenticated File Downloads

    Hi,

    Suppose I have a link to /stuff/test.zip, i only want this file accessible if a valid session has been detected for access rights.

    Could someone please tell me where to look for answers as I do not want to implement download.asp?file=test.zip or similar.

    The html source must be <a href=/stuff/test.zip>Download</a> to which i must validate the user.

    Thanks.

  2. #2
    Join Date
    Feb 2002
    Posts
    2,232
    What is the condition of the access rights - and when do you validate ?

  3. #3
    Join Date
    Nov 2003
    Location
    Australia
    Posts
    4

    Re: Authenticated File Downloads

    Change the file acess from iuser to a newly created user for that file only, then when some1 hits the link they will get a windows logon box, thus is they know the uname and pass wamo they have the file if not, they get a not authorized page

  4. #4
    Join Date
    Sep 2003
    Location
    The extremely Royal borough of Kensington, London
    Posts
    778
    their is a user's table, to which if the user does not have a valid session which is created through a login page then they are redirected back to the login page.
    Bessie Braddock: Winston, you are drunk!
    Churchill: And Madam, you are ugly. And tomorrow, I'll be sober, and you will still be ugly.

  5. #5
    Join Date
    Feb 2002
    Posts
    2,232
    Do you have a session object that establishes permission level based on login ? If so, you can use this session object to enable/disable the link.

  6. #6
    Join Date
    Nov 2003
    Location
    Christchurch, New Zealand
    Posts
    1,618
    If I understand the question correctly wouldn't you have to build something to intercept all HTTP requests and if that http request is pointing to a downloadable file (perhaps identified by being in a particular directory) the check a db or something for a valid session.

    Yeah?

  7. #7
    Join Date
    Sep 2003
    Location
    The extremely Royal borough of Kensington, London
    Posts
    778
    That is the question yes, I don't have any session(s) / objects already created I'm trying to identify how this would be done. Below is a simple process of events that would happen.

    New user/

    1. root/test/files.zip
    2. new session thus redirect root/login.asp?redirect=test/files.zip
    3. visits root/various.index.html
    4. root/test/files2.zip
    5. files2.zip downloaded as session already created.

    Thanks.

    Originally posted by rokslide
    If I understand the question correctly wouldn't you have to build something to intercept all HTTP requests and if that http request is pointing to a downloadable file (perhaps identified by being in a particular directory) the check a db or something for a valid session.

    Yeah?
    Bessie Braddock: Winston, you are drunk!
    Churchill: And Madam, you are ugly. And tomorrow, I'll be sober, and you will still be ugly.

  8. #8
    Join Date
    Nov 2003
    Location
    Christchurch, New Zealand
    Posts
    1,618
    so basically you are talking some kind of isapi dll from my understanding of what these things do.... which I admit is very limited....

  9. #9
    Join Date
    Feb 2002
    Posts
    2,232
    You have 2 choices - isapi filter or isapi server extension.

    filter - will run for every url - use this if you want to check every url submitted.
    server extension - runs only when invoked - specific to that particular url - e.g. http://www.mywebsite.com/runthis.dll? - allows you to create a customized download functionality. Put the files a non-iis directory while allowing the dll access based on authorization.

  10. #10
    Join Date
    Feb 2002
    Posts
    2,232
    Have you developed in ms vc++ or delphi ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •