0
I have a system made in classic Asp and within its structure I have a videos folder. Is there any way to authenticate the access to this folder?
I searched a few ways using web.config, but was unsuccessful!
1 answer
0
Use a session. Example, right after login:
Session("temPermissao") = "sim"
And on the page that lists the videos you check if he has permission:
if Session("temPermissao") = "sim" then
(tudo o que o usuário puder ver vc coloca aqui)
else
response.redirect("apaginaquevocequiser.asp") 'Se não tem permissão redireciona o usuário para uma página qualquer
end if
So each logged-in user will have this session created with a certain value
-
So far so good. but what if someone typed "www.site/videos" how could I prevent him from accessing the videos directly? if I block on the web.config of Asp access folder I also have no way to display them for authenticated users. So I don’t know which option to follow in ASP.
-
Just put a Response.redirect, as I just put it in the code, to redirect the user to another screen if his session is not fed a "yes". You don’t have to do anything on the web.config.
-
It wouldn’t solve @Daniel Tietz. I’ll give you an example. If someone type: "www.site/videos/video name-do-video.mp4" they won’t go through that check. Because you won’t be uploading a page. So the only way I believe it’s possible to block this is via the ASP web.config. But I still don’t know how!
Browser other questions tagged asp
You are not signed in. Login or sign up in order to post.
You want to view the contents of the folder only after a login/password?
– Marcelo de Andrade
The user will already be logged in to the site and I will just check if he is allowed to access the folder in question. If he is allowed access to the folder is released. It is a video classroom system. where only users authenticated in the database can access the contents of the folder.
– alan