ASP Security for Binary files

I have developed a simple security scheme that stores a cookie on the users
machine and then uses a small script at the top of each page to check that
cookie for authorization before serving the page. The problem I run into
is that I want to return a .PDF file to the client but obviously I can't
put my code into the file. How can I make sure that a user has access to
a certain .pdf (or any binary file for that matter) without resorting to
NTFS permissions?

Thanks

Dana

[519 byte] By [Dana Pellerin] at [2007-11-9 23:50:28]

«« Re: .Net runtime security within a browser
»» Using the Session object with IIS security

# 1 Re: ASP Security for Binary files

All I can suggest is that you dont reinvent the wheel. - however, that said,
there is nothing to stop you keeping a small control list for the files you
want to restrict, then check it before delivering the file.

Regards

John Timney (MVP)

"Dana Pellerin" <ss_Whiplash@yahoo.com> wrote:
>
>I have developed a simple security scheme that stores a cookie on the users
>machine and then uses a small script at the top of each page to check that
>cookie for authorization before serving the page. The problem I run into
>is that I want to return a .PDF file to the client but obviously I can't
>put my code into the file. How can I make sure that a user has access to
>a certain .pdf (or any binary file for that matter) without resorting to
>NTFS permissions?
>
>Thanks
>
>Dana

John Timney -MVP at 2007-11-12 0:15:18 >

# 2 Re: ASP Security for Binary files

How are you authenticating the clients? if you are using IIS you can use basic
over ssl/tls, digest, or certificate mapping over the internet and use acls,
or you can use windows auth on an intranet. if you ABSSOLUTELY cannot use
acls then you can use asp to look at the cookie and if it's valid use a response.write
and write the pdf file back to the user. it's messy, but it works.

Michael Howard
mikehow@microsoft.com

"Dana Pellerin" <ss_Whiplash@yahoo.com> wrote:
>
>I have developed a simple security scheme that stores a cookie on the users
>machine and then uses a small script at the top of each page to check that
>cookie for authorization before serving the page. The problem I run into
>is that I want to return a .PDF file to the client but obviously I can't
>put my code into the file. How can I make sure that a user has access to
>a certain .pdf (or any binary file for that matter) without resorting to
>NTFS permissions?
>
>Thanks
>
>Dana

Michael Howard at 2007-11-12 0:16:18 >

This is a Technology portal site for all the developer, It's a community, here you can post your question when you are learning, working, and soso...we'll make it better than yesterday Everyday...

ASP Security for Binary files

Developer Tech

All Classified

Developer Tech New Topic

Developer Tech Hot Topic