stackoom
  简体   繁体   中英

Protect static files in Classic ASP website

 原文  2014-09-25 11:21:29       security/ asp-classic/ protection/ static-content

Question

I want to secure static files (images, .txt files) from unauthenticated users. How can I implement the user authentication to the website so that the static files in specific folder also get secured? I have used simple authentication in a login.asp file and started a session for authenticated user and I check the session value for protected .asp files. But I have no idea how to secure static content on Classic ASP website.

The website is hosted on IIS 7 with Integrated pipeline mode.

3 answers

solution1
 0  2014-09-25 15:14:55

You already asked this, and I answered it, and I will give you the same answer.

You will need to use BASIC AUTHENTICATION to restrict access on static files in IIS (Classic ASP). Otherwise, you need to save the static content in another format and encrypt it and only make it viewable by people authenticated by your program.

Please don't ask this again, the answers will not be different.

solution2
 0  2014-09-27 20:18:51

If using Basic Authentification is not your cup of tea, one possibility would be to replace your static files with an ASP file that upon authorization, will output the correct file. If necessary, you can set the ContentType of the Response to the appropriate type. The link http://support2.microsoft.com/kb/173308 show you how to do that with an image stored inside a database but of course, you can take whatever you want as the source of the file. In the case of .TXT files, you can even directly take the file and simply add a small section of ASP code at the beginning for doing the check.

All of this required extra work. There is no way to simply activate some sort of protection with the session state for static files without extra work.

solution3
 0  2021-04-14 16:28:38

Old question but -- Most MS servers with Classic Asp installed have several default folders which cannot be accessed except via ASP. they are /bin /app_code /app_data and there may be others. It depends on your hosting company. Windows 10 IIS (their cut down dev & test suite) locks these by default. Using ASP code to retrieve and display text and html is very easy but I'm not sure how to do images. If you have very low traffic, one way would be to copy the image file to an unlocked folder and give it a random name, then access it normally in an IMG tag, then delete it after use. (I came here looking for a better method).

Update: The answer to loading images via ASP is here -- displaying images from sql database with classic asp ... see bottom answer by "HeavenCore" and, instead of Response.BinaryWrite rs("ImageBlob") , get the binary of the image into Your variable, eg: BinaryImageData and do Response.BinaryWrite BinaryImageData

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Classic ASP — Protect Against HTTP Header Injection Protect Classic ASP Page within an ASP.NET Application Protect source code of an ASP.NET website Protect files with asp.net forms authentication How can I password protect a section of a static website? Looking for library to protect classic ASP application against cross-site request forgery MVC website - how to prevent access to static files Protect Website Against Piracy Static files and authentication in ASP.net How can i secure non-asp files in a classic asp environment
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM