General discussion
-
Topic
-
Directory Security In IIS
LockedI am building a members-only site accessed through my main website hosted with in IIS. i have built an .asp script to verify users against an access/sql database and reference it on any page i want protected. how can i protect my ‘download’ folder as well? if anyone knows the exact path, they could go straight there, bypassing my authentication method. here’s the catch… i cant use the ACL. many of the users to connect are on multiple OS/NOS platforms AND behind corporate firewalls, barring the ability to authenticate against a win2k domain. in the interum, i have been using PGP-self decrypting downloads as well as randon generated filenames/directories. i still want to protect the ‘download’ dir altogether. any ideas? by the way, ftp hasthe same problem as well. it requires a user account in the ACL.