Protecting documents

Results 1 to 2 of 2

Thread: Protecting documents

  1. #1
    Steve G Guest

    Default Protecting documents

    I have a web-site running on IIS4. Users can attach documents to pieces of information and I store this on a web-shared directory. I control access to the application by requesting an NT login. I then test their username against a database. I want them to be able to click on a link to the document from the application but if they know the URL (or can guess one) I want to stop them from being able to see it without them being checked against the database first (i.e. when they haven't logged in to the application)?

  2. #2
    Adrian Guest

    Default RE: Protecting documents

    You will have to search the database for their user and pass on each page!<BR>You should make one file and just use an include on the other pages.<BR>You should store their user and pass in a cookie, session or pass it along as a querystring (may be time consuming!)<BR>Then call the user: <BR>Cookie: &#060;% user = Request.Cookies("Logon")("user") %&#062;<BR>Sesson: &#060;% user = Session("user") %&#062;<BR>QueryString: &#060;% user = Request.QueryString("user") %&#062;<BR><BR>Then query the database where user = user:<BR>SQL_query="SELECT * FROM ??table?? WHERE user = &#039;"&user & "&#039;"<BR><BR>Then we can check if Pass = (Pass from the database)<BR>if pass is not correct it will be EOF so we can add:<BR>If RSLogin.EOF then <BR> Response.Redirect ("somepage.asp")<BR>End If<BR><BR>You will really need to fix this to work for you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts