[quoted text, click to view] On 28 Oct 2003 16:45:09 -0800, slam@larp.com (slamman) wrote:
>This may be rather basic in nature, but...
>
>If someone can point me to a tutorial on setting this up, or give
>instructions, that would be great. I have done some searches, but
>unfortunately the questions/responses seem to assume too much previous
>knowledge, or do not address some of the topics I am looking for...
Have you looked at:
http://www.iisfaq.com/default.aspx?View=P78&P=145 [quoted text, click to view] >I am looking to set up a website on IIS that only allows users coming
>from public areas (i.e. not intranet or external company users) to
>download files from a listing of files.
>
>These users should not be able to access any of the downloadable files
>unless they have been authenticated through some means to specifically
>and uniquely identify them.
That's in the FAQ above...
[quoted text, click to view] >The site can have SSL, and should transfer the files through http or
>https rather than ftp.
>
>What is the recommended plan of attack for this type of site?
>
>How should authentication take place? In an ASP script accessing a
>user/pwd list in SQL? Some sort of IIS authentication?
All are valid. That's what *you* need to decide before anyone can
point you at a tutorial on how. Start with the FAQ above...
[quoted text, click to view] >How are the files/directories that the downloadable files are in
>protected from someone "guessing" where they are and the filename (or
>someone giving someone else that specific URL)?
Back to the FAQ pages above...
[quoted text, click to view] >It would be nice to able to track which user is downloading which
>files, but not necessary at this point.
Um... That's in your IIS logs.
[quoted text, click to view] >It would also be nice to be able to control on a file level basis
>which files a user can download (maybe this can simply be controlled
>be some directory structure where the user only has access to certain
>directories)...
Try the FAQ again...
