I have been using two forms of password protection:
A) On working web sites I use an ASP script that is included in every page requiring protection: uses session - works fine
B) On quick test sites or temporary stuff I use the Windows Network Authentication provided by my web host. A whole folder is protected at once which is very convenient but it has a problem. If a user types the wrong password and is denied access, the next time they go to type the password, their browser sometimes remembers the wrong password as so they go straight to the 'access denied' 401 page.
How to proceed?
1) Does anyone know of a way of preventing all browsers from cacheing the login info.
2) Is there any way of using ASP to protect whole folders?
I need to be able to secure files on my web server. I am using asp to secure access to links and pages, for example:
<%If Session("manager")=FALSE Then%> You are not authorized to view this page <%Else%> <<<Page Code>>> <%End If%>
The place I'm running into problems is with files. I have a lot of charts and such in PDF version. I kind of doubt there is a way to secure these files with asp, but I thought it would be worth a try.
My biggest issue is that PDFs are stored in the browser's history, so once the page has been accessed, anyone using the browser can get to thatunsecured PDF. As a brute force fix, is there some way to simply erase the site from the browser history? If not, is there a way to secure the PDF, or does someone know of a better group to post on?
I have several PDF and MPG files I would like to provide to users to download via HTTP. I also have a database of user accounts. I would like to protect the PDF and MPG files so that users cannot "save target as" or "view source" to directly link to the files.
My first thought is that I would have to remove anonymous access to these files and/or their parent folder within IIS. I was thinking that I could then create a Windows account called something like WebUsers and give it access to that folder. I'm hoping to write some ASP code that authenticates my users against my own database and, if successful, logs them into IIS via the WebUsers account (so that all my users share the same account).
My problem is I cannot find an code or method or object to do this. Is there some simple function that I can use to pass a username, pw, and domain to IIS to authenticate the user that would then carry through for them to be able to download non-ASP (PDF, etc.) content?
I have a protected area for a personal portfolio, whereby a client will have login details, and have access this way. Because the work has been done within companies I have to hide this from the general public, due to stupid legal issues.
I have a download directory whereby files are linked. People cannot access the portfolio, however people can type a full path to say the downloads directory and grab a file this way.
Because this is not a managed area as such I am unsure how to disallow such a download or viewing of pdf files without a successful login. Perhaps this is something to do with the host.
I have a website which contains certain files (ppts, pdfs) in its root directory. By directly giving in the URL in the address bar, anybody can access the files. I want the users to be logged into the website in order to access them.
For example, if the file location is http://abc.com/my.ppt, I would want the user to be redirected to the login page of the website when he/she tries to access this link. If already logged in, the file should download. How can this be done?
I am trying to use the FileSystemObject to create a copy of a directory (including all sub-folders and files within this directory) but i just cant get me head around it.
Can anyone point me to a tutorial or some sourcecode that i can play with?
Would this be a good idea... to create a thumbnail folder and a lg image folder... and then like link it somehow? How would any of you approach this? I want the website to load the thumbnail images into watever given category and then let the thumbnail have a link to a larger picture which clicked on...
Would this be easy to integrate with what i already have??? I'm using filepaths for the mysql database and the images are resized with html so you can see where the problem lies at...
I am wanting to create a search page that will search a folder in the company network (unc path) based on a pdf filename (01223233.pdf etc) and open the file in the browser. acrobat will take care of the rest ....
I have a website.I want to give downloading files from my site to viewers. But I do not want to that viewers have direct access to my files. They must not access by address bar.
For Example,If a person type file name in address bar,this person can not access my file .he/she must login then I allow him/her to download my file . I want to this code with asp and script.
I'm more of a LAMP person than an ASP/windows type (I'll be honest I haven't got a clue about ASP). Anyway, I'm looking for a way to password protect a file. Normally under a unix box I would just use .htaccess and .htpasswd to use http authentication but I don't have a clue how I would do such a thing under a windows box.
the page is to be able to allow a user to enter a password so as to download documents. It does not meant for any users to download. It is for some specific users. What I want is to send them a password through email, but I want to know who's has downloaded.
I have downloaded a nice upload script from the internet, it works great, but I would like to have it protected,so that only the admin user can use this upload page, I'm getting the following error:
Microsoft VBScript runtime error '800a01b6'
Object doesn't support this property or method: 'Request.Session'
If I change it in Request.Cookies, that won't work either.....
I have a Development server that is running Win2k, IIS 5.0, and ASP enabled. I am trying to gain access to an Access 2000 DB located on a file server within my domain. I'm pretty sure I have all the correct permissions set, but I am having problems when trying to access the DB.
The error is similar to:
The Microsoft Jet Database engine cannot open the file '******'. It is already opened exclusively by another user, or you need permission to view its data.
I'm looking for ways to fix this... Microsoft suggests turning off the ability for IIS to sync passwords. Unfortunately, this is not a viable solution for me.
Is it possible to create a new virtual server that is a share to my file server? Put my ASP and MDB file in there and have it work? Anyone have any other ideas?
I am doing a flash map with different categories-shops, services etc.
I want when people click on shops to view all the shops icons(buttons) in the map. They have to be pulled from a database using ASP. How do you save and pull swf files in Access database?
I would like to restrict access to certain PDF files on my webserver. How can they be protected if they are in a "public" directory? For example, lets assume you have your html and asp pages for http://www.xyz.com saved on the server's hdd @ c:xyz.comhtdocs. If you place thefile.pdf in that directory, then all the "unauthorized" person would need to know is the pdf file url, i.e., http://www.xyz.com/thefile.pdf.
Assume I place the pdf file in the following directory on the server c:xyz.compdfs. Is there a way in ASP that I can allow certain visitors to view that file Remember, the asp file would be located on at c:xyz.comhtdocs.
I want to have a simple login system on a website, where there is a private area, where only registered users can enter. I can do this, using a session. My problem is that I want to each user to have access to some files.
So user1 can access file1.zip (imagine) and user2 can access file2a.zip and file2b.zip. Of course, if they don't login, they can't download the file. If I just place the files on the server, with the url any person can download it. Of course there must be a way to do this.
I have just uploaded the files to a where they will reside and am now getting the following error
Error Type: Microsoft JET Database Engine (0x80004005) The Microsoft Jet database engine cannot open the file ' syd9004papc$InetpubwwwrootGMS_Statsgms_st ats.mdb'. It is already opened exclusively by another user, or you need permission to view its data.
I have checked IIS on the server where this DB resides and have allowed as much rights as I can ... Has anyone seen this error before? I realise it must have something to do with security but I don't know if it's IIS or DB related?
How easy is it to access the metadata from office files and PDF's? That is, Author, Title, Keywords, Comments etc...
I want to be able to scan a directory and provide links with descriptions (ie Comments field) for each file within. I can use automation to open and read the office files, but I imagine this would produce too big a load on the webserver. Is there a simple and slick way of doing this?
I have a site that currently is password protected, using a combination of ldap authentication and asp session management. So for every asp page, I check the session to make sure they're authenticated, if not I send them to the login page. BUT.... there is a robohelp componenet that is almost a website within this website. All these robohelp files are htm or html based, so I'm unable to put asp scripting (to check for session authentication). So, my problem is, how do i protect these pages using my existing framework?
I have a locally hosted (via an executable) asp application. Does anyone know what would be the best (cheapest) way to add copy protection in it?
The application is an exe web server with the asp pages embedded in the executable. No one can copy the asp pages, but they can copy the executable and distribute it that way. I don't want them to do that.
If there is some sort of wrapper or asp code I could add to it for licensing or registration, please let me know.
I have allways validated user input to pieces prior to integrating it into a SQL statement, in order to avoid SQL Injection attacs. A colleague of mine told me that binding my vars would make them SQL scalar, but I have been left in the dark as to HOW... The web left me none the wiser, as well, so here goes: Anyone got a brief example of binding vars in ASP to get me started?
After trying out 3/4 password scripts which I've used before and won't work today.I've come to the end of my tether! I need a ready made script asap to password protect a set of webpages, something simple with login and p/w for one user.
I have a webpage. However I only want people to access it if they are members of a certain group. When I say group I mean Active Directory group. The log into windows with their Active Directory username and PW, and lets say they are members of 'employee1' group in Active Directory. I'm pretty sure I use ASP, to restrict access to a webpage depending on the users group. how I would go about doing this?
I was trying to integrate a forum software to an existing site. The site is having a different database file already. What i want to do is, copy the forum tables from forum database file to the existing site database. How can I copy the tables from FileA to FileB using ASP?