Hi,
Here's my scenario: I have a website which is designed to only allow authenticated users to browse. The authentication is done through a simple ASP script to check a database for a valid username and password. If it's good it sets a session variable to allow the user to browse. In this website there is a subfolder containing files which I do not want to be publicly accessible by using direct URL entry (ie; To do this I was considering 2 methods: 1) Set NTFS permissions to only allow authenticated users to see them and 2) using the filesystemobject to retrieve the files from a non-web accessible directory elsewhere on the server.
The problems I'm having with the first option is that because my webpage authenticates to a MySQL database and sets a session variable, technically the authenticated user is still a 'Web Anonymous User' according to Windows.
With the second method, I am having trouble figuring out how to display an image file (ie; .jpg) on the webpage from an <img src> tag using the filesystemobject method of retrieving the file (physical path to the file).
So I'm hoping someone can answer these questions: a) Is there a way using ASP that I can specify a valid NT username so that the user authenticates properly and has access to the files, or, b) does anyone know how to use the filesystemobject to retrieve an image file and display it on the page?
Just to let you know, one thing I tried was using virtual paths to access the folder 1 level up on the physical directory structure which is not web-accessible but because I have disabled parent paths (due to security concerns), this is not possible. Thanks to anyone who can help!
Armando
Here's my scenario: I have a website which is designed to only allow authenticated users to browse. The authentication is done through a simple ASP script to check a database for a valid username and password. If it's good it sets a session variable to allow the user to browse. In this website there is a subfolder containing files which I do not want to be publicly accessible by using direct URL entry (ie; To do this I was considering 2 methods: 1) Set NTFS permissions to only allow authenticated users to see them and 2) using the filesystemobject to retrieve the files from a non-web accessible directory elsewhere on the server.
The problems I'm having with the first option is that because my webpage authenticates to a MySQL database and sets a session variable, technically the authenticated user is still a 'Web Anonymous User' according to Windows.
With the second method, I am having trouble figuring out how to display an image file (ie; .jpg) on the webpage from an <img src> tag using the filesystemobject method of retrieving the file (physical path to the file).
So I'm hoping someone can answer these questions: a) Is there a way using ASP that I can specify a valid NT username so that the user authenticates properly and has access to the files, or, b) does anyone know how to use the filesystemobject to retrieve an image file and display it on the page?
Just to let you know, one thing I tried was using virtual paths to access the folder 1 level up on the physical directory structure which is not web-accessible but because I have disabled parent paths (due to security concerns), this is not possible. Thanks to anyone who can help!
Armando