Authorization

[Andrew Robinson]

I have a single web page and associated PDF that I need to protect within a
larger web site. What is the easiest way to do that. Go gain access, users
will go to a page and enter a password. This is for a promotion that we are
doing and I don't need to assign or track usernames. Everyone uses the same
password that is supplied via a usps mailing.

I can place the page and PDF in a sub directory if that helps.

-Andrew

 

[Steven Cheng[MSFT]]

Hi Andrew,

Welcome to ASPNET newsgroup.
From your description, you have a certain pdf file which need to be exposed
to client users through asp.net web page. And you also need to protect the
pdf file from being accessed by unauthenticated users, yes?

If so, I think we can just put the user login UI on the web page so let the
user input username password and in the submit button's postback event, do
the user validation. If the user is a valid user, we just retrieve the PDF
file's binary stream and write it out to the page's response stream.

We can store the PDF file on physical dir as a pdf file or in database.
Anyway, it's better not to put the file in web application's virtual dir so
as to prevent it be browsed by unexpected users. Here is a kb article
mentioned streaming out binary file (on disk) to asp.net page's resposne.

#How To Write Binary Files to the Browser Using ASP.NET and Visual C# .NET
http://support.microsoft.com/?id=306654

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)




--------------------
| From: "Andrew Robinson" <[email protected]>
| Subject: Authorization
| Date: Mon, 24 Oct 2005 14:06:32 -0700
| Lines: 11
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: 216.57.203.121
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:133569
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I have a single web page and associated PDF that I need to protect within
a
| larger web site. What is the easiest way to do that. Go gain access,
users
| will go to a page and enter a password. This is for a promotion that we
are
| doing and I don't need to assign or track usernames. Everyone uses the
same
| password that is supplied via a usps mailing.
|
| I can place the page and PDF in a sub directory if that helps.
|
| -Andrew
|
|
|

 

[Steven Cheng[MSFT]]

Hi Andrew,

How are you doing on this issue, does the suggestions in my last reply
helps a little? If there're anything else we can help, please feel free to
post here. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| X-Tomcat-ID: 55613072
| References: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain
| Content-Transfer-Encoding: 7bit
| From: (e-mail address removed) (Steven Cheng[MSFT])
| Organization: Microsoft
| Date: Tue, 25 Oct 2005 03:02:43 GMT
| Subject: RE: Authorization
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| Lines: 60
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:133627
| NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
|
| Hi Andrew,
|
| Welcome to ASPNET newsgroup.
| From your description, you have a certain pdf file which need to be
exposed
| to client users through asp.net web page. And you also need to protect
the
| pdf file from being accessed by unauthenticated users, yes?
|
| If so, I think we can just put the user login UI on the web page so let
the
| user input username password and in the submit button's postback event,
do
| the user validation. If the user is a valid user, we just retrieve the
PDF
| file's binary stream and write it out to the page's response stream.
|
| We can store the PDF file on physical dir as a pdf file or in database.
| Anyway, it's better not to put the file in web application's virtual dir
so
| as to prevent it be browsed by unexpected users. Here is a kb article
| mentioned streaming out binary file (on disk) to asp.net page's resposne.
|
| #How To Write Binary Files to the Browser Using ASP.NET and Visual C# .NET
| http://support.microsoft.com/?id=306654
|
| Hope helps. Thanks,
|
| Steven Cheng
| Microsoft Online Support
|
| Get Secure! www.microsoft.com/security
| (This posting is provided "AS IS", with no warranties, and confers no
| rights.)
|
|
|
|
| --------------------
| | From: "Andrew Robinson" <[email protected]>
| | Subject: Authorization
| | Date: Mon, 24 Oct 2005 14:06:32 -0700
| | Lines: 11
| | X-Priority: 3
| | X-MSMail-Priority: Normal
| | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| | X-RFC2646: Format=Flowed; Original
| | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| | Message-ID: <[email protected]>
| | Newsgroups: microsoft.public.dotnet.framework.aspnet
| | NNTP-Posting-Host: 216.57.203.121
| | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| | Xref: TK2MSFTNGXA01.phx.gbl
| microsoft.public.dotnet.framework.aspnet:133569
| | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| |
| | I have a single web page and associated PDF that I need to protect
within
| a
| | larger web site. What is the easiest way to do that. Go gain access,
| users
| | will go to a page and enter a password. This is for a promotion that we
| are
| | doing and I don't need to assign or track usernames. Everyone uses the
| same
| | password that is supplied via a usps mailing.
| |
| | I can place the page and PDF in a sub directory if that helps.
| |
| | -Andrew
| |
| |
| |
|
|