directory permissions question

  • Thread starter Thread starter carla
  • Start date Start date
C

carla

We have a bunch of articles that visitors to our website can read. They do a
search, and we present a list of matching article links. The files are named
sequentially: art1.htm, art2.htm, art3, htm, and so on. The articles
directory is located benath our web app:

inetpub
wwwroot
webapp
articles

How can we make the \articles subdirectory off-limits to web browsers and
search engines but readable by our web app?
Thanks
C.
 
you can set these permission up in IIS.

When you go to the properties if the articles directory, go into 'Directory
Security' and click 'Edit'
From there you can disallow 'Anonymous access'.

Now this will solve your problem is the articles are not allowed to be
accessed by web browsers (as per you question).

But i think what your really trying to do, is disallow the folder to
unauthenticated users.
i.e. they will still be accessible via the web browser but only if your
logged in (my ASSumption, correct if i'm wrong)
In this case you can use forms/windows/passport authentication to disallow
users into that directory which is specified in the web.config file.
For this to work, these files may need to be changed to .aspx pages instead
of .htm pages. They don't have to be dynamic, but will just give .NET
control over there access.

If my assumption is wrong, then by disallowing 'Anonymous Access' as said
above, the folder will be inaccesible via a web browser, but you .net code
will be able to access those folders and either stream the contents to the
user or email them to the user .. but NOT DISPLAY them in a browser.

Hope this is clear
 
Thanks for your help, Grant.

We can't convert the .htm docs to .aspx -- they're provided by a third-party
affiliate, they are tons of them, and we get periodic updates/changes to
their content. We want to be able to display them in the browser but prevent
the user from typing in a URL which would take them directly to the
document, like this:

www.ourdomain.com/app/articles/art99.htm

because we need to track article usage (how many times each article is
opened and which visitor opened it) and that's done when the hyperlink in
our "matching results" listing is clicked. If visitors can go directly to
the .htm articles by typing in a URL (or by bookmarking them) they can
bypass our tracking mechanism.

I'm thinking that our wish is impossible, because either the .htm doc is
accessible or it's inaccessible. But I thought maybe we could move the
articles folder outside the web app:

articles
inetpub
wwwroot
app

and somehow make the articles directory inaccessible to anonymous access but
still visible for Response.Redirect(uri) or WebRequest.Create(uri) if we
used a "file://" prefix and some ad-hoc credentials? Is that kind of thing
possible in asp.net?
Regards,
C.
 
Back
Top