
NT security and ASP

I want to secure a directory from normal Internet users but make it accessible
to certain users that have already logged in to my database-driven application.
Is it possible to set NT security for a user programmatically without having
the browser show a basic authentication login?

I assume NT challenge isn't valid in this situation since I need to associate
this person with a local account that has certain permissions?

For example: User logs in to my application and I know that this user has
permissions PLANSPONSOR setup as a user on the machine with access privileges
to a certain folder on the machine.

If I can't, would doing the following suffice: 1) make a directory without
a virtual path that has IUSER_MACHINE permissions to read. 2) In my ASP I
read this directory and show all the files 3) When user selects a link I
BinaryWrite the files out to the browser. A casual internet user can't see
the files because they can't enter in a directory but my ASP pages can since
I know the physical path. The only hitch is can I get the files and serve
them up in this manner? I don't prefer this because I'm going to have to serve
many web sites and come up with a shadow directory structure for each.
[1313 byte] By [John Rigsby] at [2007-11-9 23:49:07]
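
The fallback described in the question (files kept in a folder with no virtual path and streamed with BinaryWrite), as an added example that is not part of the original thread. The page name, the `BASE_DIR` path, the `f` query parameter and the `Session("UserId")` key are assumptions made for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' download.asp (hypothetical name): streams one file from a folder that has
' no virtual path, only to sessions the application has already logged in.
Response.Buffer = True

' Assumption: physical folder readable by the anonymous IIS account.
Const BASE_DIR = "D:\protected\plansponsor"
Const adTypeBinary = 1

Sub Deny(status)
    Response.Clear
    Response.Status = status
    Response.End
End Sub

Dim fileName, re, fso, fullPath, stm

' 1. Require the application's own login. Session("UserId") is an assumed
'    key that the login page sets after checking the database.
If IsEmpty(Session("UserId")) Then Deny "403 Forbidden"

' 2. Accept a bare file name only: no separators, drive letters or quotes.
fileName = Request.QueryString("f")
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9][A-Za-z0-9_. -]*$"
If Not re.Test(fileName) Or InStr(fileName, "..") > 0 Then Deny "400 Bad Request"

' 3. Resolve the path and confirm it is still directly inside BASE_DIR.
Set fso = Server.CreateObject("Scripting.FileSystemObject")
fullPath = fso.GetAbsolutePathName(fso.BuildPath(BASE_DIR, fileName))
If StrComp(fso.GetParentFolderName(fullPath), BASE_DIR, vbTextCompare) <> 0 Then
    Deny "400 Bad Request"
End If
If Not fso.FileExists(fullPath) Then Deny "404 Not Found"

' 4. Stream the bytes; the browser never learns the physical path.
Set stm = Server.CreateObject("ADODB.Stream")
stm.Type = adTypeBinary
stm.Open
stm.LoadFromFile fullPath
Response.Clear
Response.ContentType = "application/octet-stream"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & fileName & """"
Response.BinaryWrite stm.Read
stm.Close
Response.End
%>
```
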
# 1 Re: NT security and ASP
"John Rigsby" <john.rigsby@corbel.com> wrote:
>
>I want to secure a directory from normal Internet users but make it accessible
>to certain users that have already logged in to my database-driven application.
>Is it possible to set NT security for a user programmatically without having
>the browser show a basic authentication login?
>
>I assume NT challenge isn't valid in this situation since I need to associate
>this person with a local account that has certain permissions?
>
>For example: User logs in to my application and I know that this user has
>permissions PLANSPONSOR setup as a user on the machine with access privileges
>to a certain folder on the machine.
>
>If I can't, would doing the following suffice: 1) make a directory without
>a virtual path that has IUSER_MACHINE permissions to read. 2) In my ASP I
>read this directory and show all the files 3) When user selects a link I
>BinaryWrite the files out to the browser. A casual internet user can't see
>the files because they can't enter in a directory but my ASP pages can since
>I know the physical path. The only hitch is can I get the files and serve
>them up in this manner? I don't prefer this because I'm going to have to serve
>many web sites and come up with a shadow directory structure for each.
>

Hi John,

I have two solutions for your problem:

1) If you use the NTFS file system you can set the file access permissions for
the files so that they can be accessed by the registered users only. If you
use NTLM login, IIS will run the ASP pages under the security context of
the authenticated user. The downside of this approach is that you will have
to manage a large number of Windows accounts, map them to appropriate groups
and give those groups permissions to access files on your file system. So,
every time you add a new user you have to create a new NT account and add
it to security groups.

2) You can authenticate users against a database and have a COM object changing
the security context of the authenticated users to a user account that has
permissions to access the files using COM+ CoImpersonateClient interface.
This way your ASP pages will run under IUSR_MACHINE security context, but
you can switch the security context in your COM object to, say, PLANSPONSOR
user that is the only NT user having READ access to the files that you want
to protect.

Dan.
Dan Zainea at 2007-11-12 0:15:14 >
# 2 Re: NT security and ASP
You can also try ScriptX's FileSystemObject; it allows you to set the user
context in which to access files on the server.

"John Rigsby" <john.rigsby@corbel.com> wrote in message
news:398ee76b$1@news.dev-archive.com...
>
> I want to secure a directory from normal Internet users but make it accessible
> to certain users that have already logged in to my database-driven application.
> Is it possible to set NT security for a user programmatically without having
> the browser show a basic authentication login?
>
> I assume NT challenge isn't valid in this situation since I need to associate
> this person with a local account that has certain permissions?
>
> For example: User logs in to my application and I know that this user has
> permissions PLANSPONSOR setup as a user on the machine with access privileges
> to a certain folder on the machine.
>
> If I can't, would doing the following suffice: 1) make a directory without
> a virtual path that has IUSER_MACHINE permissions to read. 2) In my ASP I
> read this directory and show all the files 3) When user selects a link I
> BinaryWrite the files out to the browser. A casual internet user can't see
> the files because they can't enter in a directory but my ASP pages can since
> I know the physical path. The only hitch is can I get the files and serve
> them up in this manner? I don't prefer this because I'm going to have to serve
> many web sites and come up with a shadow directory structure for each.
>
Gene Black at 2007-11-12 0:16:16 >
# 3 Re: NT security and ASP
The FSO built into ActiveScripting does this today - the ASP page impersonates
the user and then invokes the FSO - so FSO runs as the user. No magic needed!!

"Gene Black" <geblack@att.net> wrote:
>You can also try ScriptX's FileSystemObject; it allows you to set the user
>context in which to access files on the server.
>
>
>"John Rigsby" <john.rigsby@corbel.com> wrote in message
>news:398ee76b$1@news.dev-archive.com...
>>
>> I want to secure a directory from normal Internet users but make it accessible
>> to certain users that have already logged in to my database-driven application.
>> Is it possible to set NT security for a user programmatically without having
>> the browser show a basic authentication login?
>>
>> I assume NT challenge isn't valid in this situation since I need to associate
>> this person with a local account that has certain permissions?
>>
>> For example: User logs in to my application and I know that this user has
>> permissions PLANSPONSOR setup as a user on the machine with access privileges
>> to a certain folder on the machine.
>>
>> If I can't, would doing the following suffice: 1) make a directory without
>> a virtual path that has IUSER_MACHINE permissions to read. 2) In my ASP I
>> read this directory and show all the files 3) When user selects a link I
>> BinaryWrite the files out to the browser. A casual internet user can't see
>> the files because they can't enter in a directory but my ASP pages can since
>> I know the physical path. The only hitch is can I get the files and serve
>> them up in this manner? I don't prefer this because I'm going to have to serve
>> many web sites and come up with a shadow directory structure for each.
>>
>
>
Michael Howard at 2007-11-12 0:17:19 >