file protection

any setting can protect the special folder that not allow user to download
from browser/url, but the files/directories can access by aspx/asp
script(Content Management System), how i can setup this up? use NTFS
permission or IIS can do this??

e.g:
userA type http://localhost/website1/download/doc1.doc , system will show
incorrect or password protected message. When userA access the CMS with
application's loginid & pwd, they can upload and replace doc1.doc though
asp/aspx script without any permission problem

Any ideas? pls comments and advise. Thanks.

Re: file protection

ASP/ASPX page can change any file on the file system (assuming it has NTFS
permissions).

So, simply locate the documents *outside* the web site's root folder.

Cheers
Ken


"beachboy" wrote in message
news:OW$xQ8V1GHA.4816@TK2MSFTNGP06.phx.gbl...
> any setting can protect the special folder that not allow user to download
> from browser/url, but the files/directories can access by aspx/asp
> script(Content Management System), how i can setup this up? use NTFS
> permission or IIS can do this??
>
> e.g:
> userA type http://localhost/website1/download/doc1.doc , system will show
> incorrect or password protected message. When userA access the CMS with
> application's loginid & pwd, they can upload and replace doc1.doc though
> asp/aspx script without any permission problem
>
> Any ideas? pls comments and advise. Thanks.
>
>

Re: file protection

oh.. sorry . this is one requirement of my infrastructure.
- protected folder must within website's root folder

any comments and advise. Thanks in advanced.

"Ken Schaefer" ¦b¶l¥ó
news:u600yCW1GHA.772@TK2MSFTNGP05.phx.gbl ¤¤¼¶¼g...
> ASP/ASPX page can change any file on the file system (assuming it has NTFS
> permissions).
>
> So, simply locate the documents *outside* the web site's root folder.
>
> Cheers
> Ken
>
>
> "beachboy" wrote in message
> news:OW$xQ8V1GHA.4816@TK2MSFTNGP06.phx.gbl...
> > any setting can protect the special folder that not allow user to
download
> > from browser/url, but the files/directories can access by aspx/asp
> > script(Content Management System), how i can setup this up? use NTFS
> > permission or IIS can do this??
> >
> > e.g:
> > userA type http://localhost/website1/download/doc1.doc , system will
show
> > incorrect or password protected message. When userA access the CMS with
> > application's loginid & pwd, they can upload and replace doc1.doc though
> > asp/aspx script without any permission problem
> >
> > Any ideas? pls comments and advise. Thanks.
> >
> >
>
>

Re: file protection

Open IIS Manager, and locate the folder where your protected content is.
Remove the "Read" permission from that folder. That will stop direct
requests for static files in that folder.

Cheers
Ken

"beachboy" wrote in message
news:ux6VfUX1GHA.4108@TK2MSFTNGP04.phx.gbl...
> oh.. sorry . this is one requirement of my infrastructure.
> - protected folder must within website's root folder
>
> any comments and advise. Thanks in advanced.
>
> "Ken Schaefer" ¦b¶l¥ó
> news:u600yCW1GHA.772@TK2MSFTNGP05.phx.gbl ¤¤¼¶¼g...
>> ASP/ASPX page can change any file on the file system (assuming it has
>> NTFS
>> permissions).
>>
>> So, simply locate the documents *outside* the web site's root folder.
>>
>> Cheers
>> Ken
>>
>>
>> "beachboy" wrote in message
>> news:OW$xQ8V1GHA.4816@TK2MSFTNGP06.phx.gbl...
>> > any setting can protect the special folder that not allow user to
> download
>> > from browser/url, but the files/directories can access by aspx/asp
>> > script(Content Management System), how i can setup this up? use NTFS
>> > permission or IIS can do this??
>> >
>> > e.g:
>> > userA type http://localhost/website1/download/doc1.doc , system will
> show
>> > incorrect or password protected message. When userA access the CMS with
>> > application's loginid & pwd, they can upload and replace doc1.doc
>> > though
>> > asp/aspx script without any permission problem
>> >
>> > Any ideas? pls comments and advise. Thanks.
>> >
>> >
>>
>>
>
>

Re: file protection

Or, just create a "virtual" folder (Right click, new, virtual folder) with
the same name as the folder you want to protect. Map it to the root of your
web.

That will avoid user/pass and permission issues, and prevent anybody from
using HTTP to access the folder. You can then use FTP, or ASP (which isn't
talking to the web server at that level) to store and pull or put files
there normally.

"Ken Schaefer" wrote in message
news:OTH%23OMa1GHA.1336@TK2MSFTNGP03.phx.gbl...
> Open IIS Manager, and locate the folder where your protected content is.
> Remove the "Read" permission from that folder. That will stop direct
> requests for static files in that folder.
>
> Cheers
> Ken
>
> "beachboy" wrote in message
> news:ux6VfUX1GHA.4108@TK2MSFTNGP04.phx.gbl...
>> oh.. sorry . this is one requirement of my infrastructure.
>> - protected folder must within website's root folder
>>
>> any comments and advise. Thanks in advanced.
>>
>> "Ken Schaefer" ¦b¶l¥ó
>> news:u600yCW1GHA.772@TK2MSFTNGP05.phx.gbl ¤¤¼¶¼g...
>>> ASP/ASPX page can change any file on the file system (assuming it has
>>> NTFS
>>> permissions).
>>>
>>> So, simply locate the documents *outside* the web site's root folder.
>>>
>>> Cheers
>>> Ken
>>>
>>>
>>> "beachboy" wrote in message
>>> news:OW$xQ8V1GHA.4816@TK2MSFTNGP06.phx.gbl...
>>> > any setting can protect the special folder that not allow user to
>> download
>>> > from browser/url, but the files/directories can access by aspx/asp
>>> > script(Content Management System), how i can setup this up? use NTFS
>>> > permission or IIS can do this??
>>> >
>>> > e.g:
>>> > userA type http://localhost/website1/download/doc1.doc , system will
>> show
>>> > incorrect or password protected message. When userA access the CMS
>>> > with
>>> > application's loginid & pwd, they can upload and replace doc1.doc
>>> > though
>>> > asp/aspx script without any permission problem
>>> >
>>> > Any ideas? pls comments and advise. Thanks.
>>> >
>>> >
>>>
>>>
>>
>>
>
>

Re: file protection

Erm, how would this work? What's to stop the "bad guy" just typing in the
URL to the file?

Cheers
Ken

"Funkadyleik Spynwhanker" wrote in
message news:9%eNg.798$5i7.189@newsreading01.news.tds.net...
> Or, just create a "virtual" folder (Right click, new, virtual folder) with
> the same name as the folder you want to protect. Map it to the root of
> your web.
>
> That will avoid user/pass and permission issues, and prevent anybody from
> using HTTP to access the folder. You can then use FTP, or ASP (which
> isn't talking to the web server at that level) to store and pull or put
> files there normally.
>
> "Ken Schaefer" wrote in message
> news:OTH%23OMa1GHA.1336@TK2MSFTNGP03.phx.gbl...
>> Open IIS Manager, and locate the folder where your protected content is.
>> Remove the "Read" permission from that folder. That will stop direct
>> requests for static files in that folder.
>>
>> Cheers
>> Ken
>>
>> "beachboy" wrote in message
>> news:ux6VfUX1GHA.4108@TK2MSFTNGP04.phx.gbl...
>>> oh.. sorry . this is one requirement of my infrastructure.
>>> - protected folder must within website's root folder
>>>
>>> any comments and advise. Thanks in advanced.
>>>
>>> "Ken Schaefer" ¦b¶l¥ó
>>> news:u600yCW1GHA.772@TK2MSFTNGP05.phx.gbl ¤¤¼¶¼g...
>>>> ASP/ASPX page can change any file on the file system (assuming it has
>>>> NTFS
>>>> permissions).
>>>>
>>>> So, simply locate the documents *outside* the web site's root folder.
>>>>
>>>> Cheers
>>>> Ken
>>>>
>>>>
>>>> "beachboy" wrote in message
>>>> news:OW$xQ8V1GHA.4816@TK2MSFTNGP06.phx.gbl...
>>>> > any setting can protect the special folder that not allow user to
>>> download
>>>> > from browser/url, but the files/directories can access by aspx/asp
>>>> > script(Content Management System), how i can setup this up? use NTFS
>>>> > permission or IIS can do this??
>>>> >
>>>> > e.g:
>>>> > userA type http://localhost/website1/download/doc1.doc , system will
>>> show
>>>> > incorrect or password protected message. When userA access the CMS
>>>> > with
>>>> > application's loginid & pwd, they can upload and replace doc1.doc
>>>> > though
>>>> > asp/aspx script without any permission problem
>>>> >
>>>> > Any ideas? pls comments and advise. Thanks.
>>>> >
>>>> >
>>>>
>>>>
>>>
>>>
>>
>>
>
>