FYI, I've had good experience w/ below product on a server I ran. Don't know if you can make this econimical but it would be a nice addition to your suite of services. It allows you to password protect IIs directories w/out a windows acct. and user info can be stored in a database. http://media3.net/services/authentix/comp.htm
what they are doing is ISAPI password protection. we do not offer this because 1) ISAPI is dangerous 2) You can already do this with ASP.NET Bruce DiscountASP.NET www.DiscountASP.NET
>2) You can already do this with ASP.NET If #2 is not dangerous can you point me to a good article on this?
I appreciate your taking the time to answer that question. I do know how to prompt a user to authenticate to a page. But that does not protect other files in the directory such as a downloadable file. You can still get to that via a url directly to the file w/out going thru a page. On other types of web servers you would use htaccess files. Is there any equivalent here?
There are many articles written on this topic, here are a few http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000012.asp http://www.asp101.com/Samples/login_aspx.asp http://www.15seconds.com/issue/020220.htm Post Edited By Moderator (Joel Thoms) : 6/3/2006 1:19:22 AM GMT
In ASP.NET 2.0, you can secure non-ASP.NET files, such that all files will go through your forms authentication. See http://www.asp.net/QuickStart/aspnet/doc/tipstricks/default.aspx#securingnonaspnetcontent. Send a ticket to DiscountASP support if you wish to have the wildcard mapping configured on your site. Aristotle DiscountASP.NET www.DiscountASP.NET
From the Control Panel we change READ/WRITE permissions. Any chance we could get the ability to remove EXECUTE rights on particular folders ?
Thanks Bruce for the prompt reply. Maybe you can suggest another avenue: I have planned topermit users to upload files which appear later as hyperlinked resources. It occured to me that a nasty user mighttry to upload a script/aspx file and have it execute on the server. Filtering what they upload is one answer. It occured to me that a more robust answer would be to allow read but not execute permission on the destination folder(s). Any thoughts ?
OK.. What you are looking for is IIS permission rather than NTFS permission. We can manually switch off IIS exe permission on a folder you want. Please create a support ticket. In addition, I recommend you restrict user from uploading certain file extension in your application regardless. Bruce DiscountASP.NET www.DiscountASP.NET
Another option would be to store the files somewhere like '/App_Data/stuff/xxx' and create a 'GetFile.aspx?file=xxx' that would read from the stuff directory and write to the browser. Joel Thoms DiscountASP.NET http://www.DiscountASP.NET
