SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Wizard westmich's Avatar
    Join Date
    Mar 2000
    Location
    Muskegon, MI
    Posts
    2,328
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Does IIS have an equavalent to .htaccess?

    I am doing a member's area in a recent site with Cold Fusion running on a Windows server. I am implementing security with a simple check for a 'Session.Login' at the head of every page. This works fine, but now I need to add the ability to download binary files like Word.

    If this were using Apache, I would probably implement security with a .htaccess file and script the usernames/passwords to a password file. Can something similar be done with IIS? Is there an ability to programably work with username/passwords?
    Westmich
    Smart Web Solutions for Smart Clients
    http://www.mindscapecreative.com

  2. #2
    SitePoint Guru DenverDave's Avatar
    Join Date
    Feb 2001
    Location
    Denver, Colorado
    Posts
    630
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have asked this question several times in the past and never gotten an answer that I have been totally satisfied with. As I understand it, NT has an equivalent at the file systems level, however as a virtual host this does not seem like a solution for me.

    If anyone has an explanation - please post it here.

  3. #3
    SitePoint Wizard wdmny's Avatar
    Join Date
    Jul 2000
    Location
    Here
    Posts
    1,010
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is a perfect candidate for software (ASP) that I pondered making. Anyways, what you would do is store all your restricted binary files together. Then, make a script that recieves the filename of the file via the querystring. This script then checks login details, makes sure the user has permission to access the file, makes sure the file exists, and then outputs the file.

    The file can be outputed either by reading it, setting the Content-Type, and dumping what was read, or doing a Response.Redirect to the file.

  4. #4
    SitePoint Evangelist Umair.ms's Avatar
    Join Date
    Sep 2000
    Location
    Lahore, Pakistan
    Posts
    567
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think there a Groups and Users (in those groups). You can use the IIS Admin Objects to play around with them. But mostly this task is accomplished by components.
    TinyPlanet.org
    Discuss and Debate World Events, Politics and Religion.
    Interact and Share your Views with People around the Globe.

  5. #5
    SitePoint Wizard
    Join Date
    Jan 2001
    Location
    Milton Keynes, UK
    Posts
    1,011
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As Umair said one way is to use NT/2000 users/groups although I doubt if any host would allow this.

    If you don't go down the NT users rout the only other way that I know of is to use an ISAPI filter to check the HTTP requests. These aren't simple to write and can't be written in VB so you'd be looking at C/C++.

    However, there are commercial products for this, the most well known is Flicks AuthentiX. There are some other's around that offer similar functionality to AuthentiX so you might want to do a search on www.componentsource.com.

    Wes's idea will give basic protection but won't stop people from just entering the URL of the file.

    Microsoft have also got an article in their Knowledge Base about writing a simple VB component that reads a file, outside of the virtual dir, into memory and then writes the file back to the requester. This can't be done with script. Using this method every file request has to go through an asp page, where you could check the security pass/level before processing the file request.
    Last edited by shane; Dec 1, 2001 at 20:38.

  6. #6
    SitePoint Wizard wdmny's Avatar
    Join Date
    Jul 2000
    Location
    Here
    Posts
    1,010
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you used my approach with the method of reading the file, you could have more advanced protection, by placing the directory off the web folder. But, you could just as easily purchase a commercial component (if you wanted to spend the money).

  7. #7
    SitePoint Wizard westmich's Avatar
    Join Date
    Mar 2000
    Location
    Muskegon, MI
    Posts
    2,328
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, I am using a dedicated server so access is not a problem.

    Something like creating a Windows login for the application and then restricting access to the directory would work. When a user logins, I could have a script that automatically logs them in to the Windows login.

    Again, my problem is that I am not sure how or if this can be done.
    Westmich
    Smart Web Solutions for Smart Clients
    http://www.mindscapecreative.com

  8. #8
    SitePoint Evangelist Umair.ms's Avatar
    Join Date
    Sep 2000
    Location
    Lahore, Pakistan
    Posts
    567
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    http://localhost/iishelp

    in the left treeview:
    select: Active Server Pages Guide
    then: Administering IIS Programmatically

    You might find some useful information there. But it would be better to use a filter approach. You can find a lot of examples for C++ filters on the web, ie. CodeProject.com and Visual C++ samples.
    TinyPlanet.org
    Discuss and Debate World Events, Politics and Religion.
    Interact and Share your Views with People around the Globe.

  9. #9
    SitePoint Wizard
    Join Date
    Jan 2001
    Location
    Milton Keynes, UK
    Posts
    1,011
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by Wes
    If you used my approach with the method of reading the file, you could have more advanced protection, by placing the directory off the web folder.
    True, but you can't do this with script without a custom/third party component, because FSO can't read binary files.

    Articles about creating simple VB components for reading binary files.
    http://www.iisfaq.com/Articles/78/
    http://support.microsoft.com/directo...;EN-US;q193998


    Wsetmich,

    The ADSI section on 15seconds.com might be of help.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •