Web Development

General discussion


directory security in IIS5

By sdfgsdf ·
I am running WIN2K server with IIS5 as my public web server. The bulk of the site allows anonymous access. Their is a members site that requires password protection via an ASP script that validates against an access database. This allows me to protect pages without using the ACL (not to mention purchasing internet access licenses). It allows self registration eliminating much of my administratove overhead. I am adding a download page, but if anyone knows the full path name and naming scheme, they can go directly to the file without first going through the login page My question: how can i secure the directory as well without adding users to the ACL?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

directory security in IIS5

by chennken In reply to directory security in IIS ...


Check out this web site URL. They show you how to protect a file so that the content cannot be read. (aka so a user can't download an .mdb file. The same properties should be transferrable to your situation.


Hope that sheds some light.

This should help too:


Collapse -

directory security in IIS5

by sdfgsdf In reply to directory security in IIS ...

while appreciated, the solutions offered by the urls discussed a system i already have implemented. it protects anything in a database, but still offers no decent directory security. my pages are protected, but i need to prevent users who know the direct path to the download from doing just that.

Related Discussions

Related Forums