"Brian Madden" <br***@brianmadden.com> wrote in message
news:uauTay2GFHA.2428@TK2MSFTNGP10.phx.gbl...
> Hello Everyone,
>
> This is sort of a followup to the protecting files question I asked
> earlier today.
>
> I would like to protect a file so that only certain users could download
> it from my website. It would be very easy for me to simply use IIS Admin
> to remove anonymous access to that file and to create a new account on the
> web server and give those account credentials to my users. That would
> prohibit people from directly accessing the file unless they knew the
> username and password.
>
> My question is this: Is there a way for me to write an ASP page that
> "embeds" these logon credentials into a hyperlink to a page, or that
> automatically logs a user on with hard-coded credentials?
>
> What I'm thinking is that I can authenticate my users against my own app's
> database, and then if successful I could perform a behind-the-scenes basic
> Windows logon (with all users using the same Windows account) to actually
> provide the file to the users. (In my case, my user accounts are stored in
> SQL--they are not windows accounts.)
>
> I'm pretty good at figuring out stuff for myself, but I'm not sure that
> I'm searching on the right terms in Google and MSDN. What would I use to
> do what I want to do?
>
> My flow would look like this:
> 1. default.asp (has html form for credentials)
> 2. nextpage.asp (authenticates user to my DB and if successful, performs
> Windows basic logon to authenticate the user to IIS with a generic
> account. At this point we would switch over from "iusr_computername" to
> "user1" or whatever generic name I pick)
> 3. Now that we're authenticated to IIS, the page could link to the
> NTFS-permissioned files.
>
> Using ASP to perform a basic windows logon in step 2 is the section I'm
> having trouble with.
>
> Thanks a million,
> Brian
>