directory permissions question

Re: directory permissions question

you can set these permission up in IIS.

When you go to the properties if the articles directory, go into 'Directory
Security' and click 'Edit'
From there you can disallow 'Anonymous access'.

Now this will solve your problem is the articles are not allowed to be
accessed by web browsers (as per you question).

But i think what your really trying to do, is disallow the folder to
unauthenticated users.
i.e. they will still be accessible via the web browser but only if your
logged in (my ASSumption, correct if i'm wrong)
In this case you can use forms/windows/passport authentication to disallow
users into that directory which is specified in the web.config file.
For this to work, these files may need to be changed to .aspx pages instead
of .htm pages. They don't have to be dynamic, but will just give .NET
control over there access.

If my assumption is wrong, then by disallowing 'Anonymous Access' as said
above, the folder will be inaccesible via a web browser, but you .net code
will be able to access those folders and either stream the contents to the
user or email them to the user .. but NOT DISPLAY them in a browser.

Hope this is clear

"carla" <carla@nowhere. biz> wrote in message
news:OSdp0orNFH A.568@TK2MSFTNG P09.phx.gbl...[color=blue]
> We have a bunch of articles that visitors to our website can read. They do
> a
> search, and we present a list of matching article links. The files are
> named
> sequentially: art1.htm, art2.htm, art3, htm, and so on. The articles
> directory is located benath our web app:
>
> inetpub
> wwwroot
> webapp
> articles
>
> How can we make the \articles subdirectory off-limits to web browsers and
> search engines but readable by our web app?
> Thanks
> C.
>
>[/color]

Re: directory permissions question

Thanks for your help, Grant.

We can't convert the .htm docs to .aspx -- they're provided by a third-party
affiliate, they are tons of them, and we get periodic updates/changes to
their content. We want to be able to display them in the browser but prevent
the user from typing in a URL which would take them directly to the
document, like this:



because we need to track article usage (how many times each article is
opened and which visitor opened it) and that's done when the hyperlink in
our "matching results" listing is clicked. If visitors can go directly to
the .htm articles by typing in a URL (or by bookmarking them) they can
bypass our tracking mechanism.

I'm thinking that our wish is impossible, because either the .htm doc is
accessible or it's inaccessible. But I thought maybe we could move the
articles folder outside the web app:

articles
inetpub
wwwroot
app

and somehow make the articles directory inaccessible to anonymous access but
still visible for Response.Redire ct(uri) or WebRequest.Crea te(uri) if we
used a "file://" prefix and some ad-hoc credentials? Is that kind of thing
possible in asp.net?
Regards,
C.


"Grant Merwitz" <grant@workshar e.com> wrote in message
news:#DwZU9rNFH A.244@TK2MSFTNG P12.phx.gbl...[color=blue]
> you can set these permission up in IIS.
>
> When you go to the properties if the articles directory, go into[/color]
'Directory[color=blue]
> Security' and click 'Edit'
> From there you can disallow 'Anonymous access'.
>
> Now this will solve your problem is the articles are not allowed to be
> accessed by web browsers (as per you question).
>
> But i think what your really trying to do, is disallow the folder to
> unauthenticated users.
> i.e. they will still be accessible via the web browser but only if your
> logged in (my ASSumption, correct if i'm wrong)
> In this case you can use forms/windows/passport authentication to disallow
> users into that directory which is specified in the web.config file.
> For this to work, these files may need to be changed to .aspx pages[/color]
instead[color=blue]
> of .htm pages. They don't have to be dynamic, but will just give .NET
> control over there access.
>
> If my assumption is wrong, then by disallowing 'Anonymous Access' as said
> above, the folder will be inaccesible via a web browser, but you .net code
> will be able to access those folders and either stream the contents to the
> user or email them to the user .. but NOT DISPLAY them in a browser.
>
> Hope this is clear
>
> "carla" <carla@nowhere. biz> wrote in message
> news:OSdp0orNFH A.568@TK2MSFTNG P09.phx.gbl...[color=green]
> > We have a bunch of articles that visitors to our website can read. They[/color][/color]
do[color=blue][color=green]
> > a
> > search, and we present a list of matching article links. The files are
> > named
> > sequentially: art1.htm, art2.htm, art3, htm, and so on. The articles
> > directory is located benath our web app:
> >
> > inetpub
> > wwwroot
> > webapp
> > articles
> >
> > How can we make the \articles subdirectory off-limits to web browsers[/color][/color]
and[color=blue][color=green]
> > search engines but readable by our web app?
> > Thanks
> > C.
> >
> >[/color]
>
>[/color]