|
it
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Protect PDF files via ASP?
I have what I thought would be a simple problem although I've been searching for a few hours with no luck. I have several PDF and MPG files I would like to provide to users to download via HTTP. I also have a database of user accounts. I would like to protect the PDF and MPG files so that users cannot "save target as" or "view source" to directly link to the files. My first thought is that I would have to remove anonymous access to these files and/or their parent folder within IIS. I was thinking that I could then create a Windows account called something like WebUsers and give it access to that folder. I'm hoping to write some ASP code that authenticates my users against my own database and, if successful, logs them into IIS via the WebUsers account (so that all my users share the same account). My problem is I cannot find an code or method or object to do this. Is there some simple function that I can use to pass a username, pw, and domain to IIS to authenticate the user that would then carry through for them to be able to download non-ASP (PDF, etc.) content? Or, am I completely thinking about this the wrong way? It seems to me that this is something that would be fairly common. Thanks, Brian You can use an ADO Sttream object to do this: it reads the file from
its location and streams it to the user. Tim. Show quote "Brian Madden" <br***@brianmadden.com> wrote in message news:%23vxUbtuGFHA.580@TK2MSFTNGP15.phx.gbl... > Hello All, > > I have what I thought would be a simple problem although I've been > searching for a few hours with no luck. > > I have several PDF and MPG files I would like to provide to users to > download via HTTP. I also have a database of user accounts. I would > like to protect the PDF and MPG files so that users cannot "save > target as" or "view source" to directly link to the files. > > My first thought is that I would have to remove anonymous access to > these files and/or their parent folder within IIS. I was thinking > that I could then create a Windows account called something like > WebUsers and give it access to that folder. I'm hoping to write some > ASP code that authenticates my users against my own database and, if > successful, logs them into IIS via the WebUsers account (so that all > my users share the same account). > > My problem is I cannot find an code or method or object to do this. > Is there some simple function that I can use to pass a username, pw, > and domain to IIS to authenticate the user that would then carry > through for them to be able to download non-ASP (PDF, etc.) content? > > Or, am I completely thinking about this the wrong way? It seems to > me that this is something that would be fairly common. > > Thanks, > Brian >
Show quote
"Brian Madden" <br***@brianmadden.com> wrote in message To add to what Tim said ...news:#vxUbtuGFHA.580@TK2MSFTNGP15.phx.gbl... > Hello All, > > I have what I thought would be a simple problem although I've been searching > for a few hours with no luck. > > I have several PDF and MPG files I would like to provide to users to > download via HTTP. I also have a database of user accounts. I would like to > protect the PDF and MPG files so that users cannot "save target as" or "view > source" to directly link to the files. > > My first thought is that I would have to remove anonymous access to these > files and/or their parent folder within IIS. I was thinking that I could > then create a Windows account called something like WebUsers and give it > access to that folder. I'm hoping to write some ASP code that authenticates > my users against my own database and, if successful, logs them into IIS via > the WebUsers account (so that all my users share the same account). > > My problem is I cannot find an code or method or object to do this. Is there > some simple function that I can use to pass a username, pw, and domain to > IIS to authenticate the user that would then carry through for them to be > able to download non-ASP (PDF, etc.) content? > > Or, am I completely thinking about this the wrong way? It seems to me that > this is something that would be fairly common. Put the files outside of the wwwroot path so there is no direct URL access to them. In your ASP code, authenticate your users from your database and then as appropriate use ADODB.Stream to Response.BinaryWrite the contents of the PDF. Here's an example with jpg, just chnage the relevant bits for PDF: http://www.aspfaq.com/show.asp?id=2161 -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS Awesome guys, thanks a lot!
Do any of you have any experience with "Coldlink?" It's a product that does dynamic URL rewriting that includes keys in the URL that are only valid for 5 minutes. (It works as an asapi filter.) In my case I want my solution to be as "real" or "normal" as possible. I have people who will be downloading large video files from a conference, so each file could be several hundred megabytes. Thanks again.. I'll be checking this stuff out today. Brian Show quote "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message news:e10$kM0GFHA.432@TK2MSFTNGP09.phx.gbl... > "Brian Madden" <br***@brianmadden.com> wrote in message > news:#vxUbtuGFHA.580@TK2MSFTNGP15.phx.gbl... >> Hello All, >> >> I have what I thought would be a simple problem although I've been > searching >> for a few hours with no luck. >> >> I have several PDF and MPG files I would like to provide to users to >> download via HTTP. I also have a database of user accounts. I would like > to >> protect the PDF and MPG files so that users cannot "save target as" or > "view >> source" to directly link to the files. >> >> My first thought is that I would have to remove anonymous access to these >> files and/or their parent folder within IIS. I was thinking that I could >> then create a Windows account called something like WebUsers and give it >> access to that folder. I'm hoping to write some ASP code that > authenticates >> my users against my own database and, if successful, logs them into IIS > via >> the WebUsers account (so that all my users share the same account). >> >> My problem is I cannot find an code or method or object to do this. Is > there >> some simple function that I can use to pass a username, pw, and domain to >> IIS to authenticate the user that would then carry through for them to be >> able to download non-ASP (PDF, etc.) content? >> >> Or, am I completely thinking about this the wrong way? It seems to me >> that >> this is something that would be fairly common. > > To add to what Tim said ... > > Put the files outside of the wwwroot path so there is no direct URL access > to them. In your ASP code, authenticate your users from your database and > then as appropriate use ADODB.Stream to Response.BinaryWrite the contents > of > the PDF. > > Here's an example with jpg, just chnage the relevant bits for PDF: > http://www.aspfaq.com/show.asp?id=2161 > > -- > Tom Kaminski IIS MVP > http://www.microsoft.com/windowsserver2003/community/centers/iis/ > http://mvp.support.microsoft.com/ > http://www.iistoolshed.com/ - tools, scripts, and utilities for running > IIS > > On Thu, 24 Feb 2005 22:37:39 -0500, "Brian Madden"
<br***@brianmadden.com> wrote: Show quote >I have what I thought would be a simple problem although I've been searching To add to the others, this is also futile. If you want me to view a>for a few hours with no luck. > >I have several PDF and MPG files I would like to provide to users to >download via HTTP. I also have a database of user accounts. I would like to >protect the PDF and MPG files so that users cannot "save target as" or "view >source" to directly link to the files. > >My first thought is that I would have to remove anonymous access to these >files and/or their parent folder within IIS. I was thinking that I could >then create a Windows account called something like WebUsers and give it >access to that folder. I'm hoping to write some ASP code that authenticates >my users against my own database and, if successful, logs them into IIS via >the WebUsers account (so that all my users share the same account). > >My problem is I cannot find an code or method or object to do this. Is there >some simple function that I can use to pass a username, pw, and domain to >IIS to authenticate the user that would then carry through for them to be >able to download non-ASP (PDF, etc.) content? > >Or, am I completely thinking about this the wrong way? It seems to me that >this is something that would be fairly common. PDF or an MPG, it has to transfer to my system. Once there it's under my control, not yours. I can saved it and send it on. Of course, that only applies to the authorized users after you secure the files, but you can't truly control content on the internet. Jeff Oh yeah, I totally hear what you're saying. Unless I get into the DRM for
the MPEGs, I realize that anyone can do anything with the files. I think some people have the feeling that it's not "stealing" if they just link to the file on my site, even if it's a deep link to a private area. So by implementing the methods outlined here, at least people will be forced to actively get around it (by downloading, saving, and linking) as opposed to just an "innocent" link to the file on my site. Thanks again everyone, Brian Show quote "Jeff Cochran" <jeff.nospam@zina.com> wrote in message news:42224079.908787527@msnews.microsoft.com... > On Thu, 24 Feb 2005 22:37:39 -0500, "Brian Madden" > <br***@brianmadden.com> wrote: > >>I have what I thought would be a simple problem although I've been >>searching >>for a few hours with no luck. >> >>I have several PDF and MPG files I would like to provide to users to >>download via HTTP. I also have a database of user accounts. I would like >>to >>protect the PDF and MPG files so that users cannot "save target as" or >>"view >>source" to directly link to the files. >> >>My first thought is that I would have to remove anonymous access to these >>files and/or their parent folder within IIS. I was thinking that I could >>then create a Windows account called something like WebUsers and give it >>access to that folder. I'm hoping to write some ASP code that >>authenticates >>my users against my own database and, if successful, logs them into IIS >>via >>the WebUsers account (so that all my users share the same account). >> >>My problem is I cannot find an code or method or object to do this. Is >>there >>some simple function that I can use to pass a username, pw, and domain to >>IIS to authenticate the user that would then carry through for them to be >>able to download non-ASP (PDF, etc.) content? >> >>Or, am I completely thinking about this the wrong way? It seems to me that >>this is something that would be fairly common. > > To add to the others, this is also futile. If you want me to view a > PDF or an MPG, it has to transfer to my system. Once there it's under > my control, not yours. I can saved it and send it on. > > Of course, that only applies to the authorized users after you secure > the files, but you can't truly control content on the internet. > > Jeff  |
|||||||||||||||||||||||
Other interesting topics