Files in Root Folder

Danial

Danial

Perch
Hi,
I have placed some files(word document) so that i can control who have access to thos file.

I use ASP to validate a request and then try to use

Response.redirect (path)

This dont seem to work, i have specified both relative and absolute path without any success.

any one have any ideas or suggestion?

Thanks

Danial
 
IIS does not have access to the root folder so you can not serve up a file from there, you could request that IIS have access to the folder but you lose the security you are trying to have.
 
Stephen said:
IIS does not have access to the root folder so you can not serve up a file from there, you could request that IIS have access to the folder but you lose the security you are trying to have.
Click to expand...

I have placed my data base in the root folder, i can use ASP to read/write to the db. Can i not do the same with other types of file through script?

Thanks.

Danial
 
One typically puts the database in the root folder so that it CAN NOT be downloaded, but can be read/written, it is the same with a word document, if you had some sort of com control that could edit the word file, it would, and could, but it could not be downloaded from that directory. Does that example make sense?

Danial said:
I have placed my data base in the root folder, i can use ASP to read/write to the db. Can i not do the same with other types of file through script?

Thanks.

Danial
Click to expand...
 
Stephen said:
One typically puts the database in the root folder so that it CAN NOT be downloaded, but can be read/written, it is the same with a word document, if you had some sort of com control that could edit the word file, it would, and could, but it could not be downloaded from that directory. Does that example make sense?
Click to expand...

I was in the impression that the scripts running on the server has access to thoes files residing on the Root folder. If thats the case i can use Binary Read and Write to server my purpose using ASP.

I am just trying to find out who/what has access to those files.

Will try out binary read/write..

Thanks for your response.
 
You might be able to get something like that to work.

I answered this whole question a bit more in your post about the suggestions, there is something better coming, currently in beta, for password protecting folders.
 
You can't do this by redirecting. The proper way to do this is have the ASP script output the content of the Word document. This script should work, add security stuff you need:

Code: 
<%
FileSource = Server.MapPath("../document.doc")
FileName = Mid(FileSource, InStrRev(FileSource, "\") + 1, Len(FileSource))
ContentType = "application/msword"
Const BlockSize = 100000
Const AsDownload = False

' Get File Size
Set fso = CreateObject("Scripting.FileSystemObject")
Set fileObject = fso.GetFile(FileSource)
FileSize = fileObject.Size
Set fso = Nothing

' Header and Cache
Response.Expires = 0
Response.Buffer = True
Response.ContentType = ContentType
Response.AddHeader "Accept-Ranges", "bytes"
If AsDownload Then Response.AddHeader "Content-Disposition", "attachment; filename=" & FileName
Response.AddHeader "Content-Length", FileSize
Response.Flush

' Open ADODB stream to get chunks of file
Set BinaryStream = Server.CreateObject("ADODB.Stream")
BinaryStream.Open
BinaryStream.Type = 1 ' Binary
BinaryStream.LoadFromFile(FileSource)

' Send data
FileSent = 0
While FileSent + BlockSize < FileSize
	Response.BinaryWrite BinaryStream.Read(BlockSize)
	FileSent = FileSent + BlockSize
	Response.Flush
Wend
Response.BinaryWrite BinaryStream.Read(FileSize - FileSent)

Set BinaryStream = Nothing
%>

Set AsDownload to True if you want to popup a download box to download the document instead.
 
Stephen said:
You might be able to get something like that to work.

I answered this whole question a bit more in your post about the suggestions, there is something better coming, currently in beta, for password protecting folders.
Click to expand...

Thanks Stephen,
Yes just searched this forum and found out that other user have implemented what i described above in jodohost.

As for password protected folder they will probably serve slightly different purpose unless we can specify username and password through code, and redirect the user to a particular folder (without them having to type username and password).
 
SubSpace said:
You can't do this by redirecting. The proper way to do this is have the ASP script output the content of the Word document. This script should work, add security stuff you need:

Set AsDownload to True if you want to popup a download box to download the document instead.
Click to expand...

Thanks SubSpace, thats exactly what i had in mind and was wondering if that would work.

Cheers.

Danial
 
You must log in or register to reply here.
Back
Top