How to authenticate access to a directory in classic ASP

Asked

Viewed 183 times

0

I have a system made in classic Asp and within its structure I have a videos folder. Is there any way to authenticate the access to this folder?

I searched a few ways using web.config, but was unsuccessful!

  • You want to view the contents of the folder only after a login/password?

  • The user will already be logged in to the site and I will just check if he is allowed to access the folder in question. If he is allowed access to the folder is released. It is a video classroom system. where only users authenticated in the database can access the contents of the folder.

1 answer

0

Use a session. Example, right after login:

Session("temPermissao") = "sim"

And on the page that lists the videos you check if he has permission:

if Session("temPermissao") = "sim" then
  (tudo o que o usuário puder ver vc coloca aqui)
else    
  response.redirect("apaginaquevocequiser.asp") 'Se não tem permissão redireciona o usuário para uma página qualquer
end if

So each logged-in user will have this session created with a certain value

  • So far so good. but what if someone typed "www.site/videos" how could I prevent him from accessing the videos directly? if I block on the web.config of Asp access folder I also have no way to display them for authenticated users. So I don’t know which option to follow in ASP.

  • Just put a Response.redirect, as I just put it in the code, to redirect the user to another screen if his session is not fed a "yes". You don’t have to do anything on the web.config.

  • It wouldn’t solve @Daniel Tietz. I’ll give you an example. If someone type: "www.site/videos/video name-do-video.mp4" they won’t go through that check. Because you won’t be uploading a page. So the only way I believe it’s possible to block this is via the ASP web.config. But I still don’t know how!

Browser other questions tagged

You are not signed in. Login or sign up in order to post.