I have written an asp application using SQL server, running on IIS 5, That secures access to files eg Doc, HTML, PDF etc.

This works by checking security access and opening the results in a frame.

The problem I have is that users could just access the Doc file directly if they happened to guess the file location on the server. Is there any way of limiting access to all files in a specific folder on the server and forcing users to access my application.

Any help would be gratefully received.

Cheers

Steve

Hi Steve

You could do this by using NTFS and Windows user accounts if you're doing this in an Intranet evironment. If it's public access the I would move the files outside of the web site directory and put them somewhere obscure and only giving access to the web server accounts, that way only calls through your application (web server) will give the files up for download otherwise the call to the file would be a direct file access request and would be rejected.

On your web serve try this URL and go to Adminstration|Security:

localhost/IISHelp/iis/misc/default.asp

Or open IIS manager and go to the IISHELP directory select default.asp and then browse.

Digga

Sharing Knowledge Saves Valuable Time!!!