Re: Securing file access

Subject: Re: Securing file access
Date: Tue, 28 Sep 2004 16:47:30 -0500
I have written an app with a friend which does just this.  It should be IIS
compatible.  It is written in PHP, though you are welcome to create an ASP 
version (please send me a copy of your version if you are okay with releasing
it for free).  It is available at:

http://www.sf.net/projects/teraband

"Teraband: Download Server Administrator".

While that version (the release) does not directly support user/pass-based 
authentication, everything is there to support it.  It demonstrates how to
securely retrieve a file (from outside of the web directory), and transfer it
several blocks at a time to the remote end, recording bandwidth usage, etc.
The code also demonstrates solutions to some problems you will encounter
while developing your application, since it is essentially the same objective,
except in Teraband's case the objective is to not allow file access once a limit
is reached.

Go check it out.  You can read the source live off of SourceForge CVS if you 
want, or download a release and play with it.

Should you have any questions about Teraband, feel free to email me.

Best wishes,
Ido

On Tue, Sep 28, 2004 at 02:06:19PM -0400, robbin wrote:
Script the retrieval and just put the file out there; basically you have 
to open the file and put it to the web page with the appropriate header 
so that the user will be prompted for a download (save-as pop-up box).  I've 
done this in perl,

  use strict;
  use warnings;
  use CGI qw(header);
  use File::Basename qw(basename);

  # $file is the path of the stored file outside the web root; only its
  # basename is put in the Content-Disposition header, never the server path
  my $file = "/srv/private/report.pdf";

  print header(-type=>"application/x-download",
              -attachment=>basename($file),
              );
  open (DWNLD,"<$file") or die "cannot open $file: $!";
  binmode(DWNLD);
  $/ = undef;               # slurp mode: read the whole file in one go
  my $zip = <DWNLD>;
  close (DWNLD);

  binmode(STDOUT);
  print $zip;

Hope the example helps.

Robbin


John M. L. wrote:

I have a project that involves a members only area on a web page on IIS.
The members' only area is secured by a database (MS Access) so users are
authenticated by their name and some MD5 hash etc.  I need to allow files
(mostly PDFs) for download to authenticated users only.  In my opinion this
means that the files can not be stored in any www accessible folder
(regardless of any renaming convention etc, I absolutely cannot have someone
guess a file name to download).  In order to access the files, the database
would link a file to a unique id, so a page that validates the user would
then give access to the file stored outside of the www on the server.  Now,
this is where the real question lies.  How is this possible since the files
are not in a www accessible path, since a mere link to a file won't do.
Any thoughts would be welcome.  If I'm going about this completely wrong
that would be nice to know too :)   Forgive me if the answer is simple, I'm a
Linux fan and haven't used IIS etc for years.
One more note: IIS, MS Access and VBScript are not my technologies of
choice, but merely what I was given to work with.  I also have very limited
control over administering IIS.

John
www.recaffeinated.com

-- 
O|||||||O Silly Boys, Jeeps are for girls.

-- 

email : ido@ieee.org / ido@cs.uchicago.edu
jabber : ido@rosen.md
pgp : http://www.cs.columbia.edu/~ido/pgp
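The approach the thread converges on (validate the session, look the id up in the database, read the file from a folder outside the web root, and send it a block at a time with a Content-Disposition header) is sketched below in Python as an added, language-neutral example; it is not code from Teraband or from any of the posters. FILE_TABLE, make_sample_store, the sample file names and the write callback are constructed stand-ins for the Access database, the real private folder and the web server's output stream.

```python
import os
import tempfile

# Constructed sample "database": an opaque id maps to a stored file name;
# the client supplies only the id, never a path.
FILE_TABLE = {"a1b2": "q3-report.pdf", "c3d4": "members-guide.pdf"}
CHUNK_SIZE = 64 * 1024

def make_sample_store():
    """Create a throwaway directory (standing in for a folder outside the
    web root) holding constructed sample files; returns its path."""
    base = tempfile.mkdtemp(prefix="private-files-")
    for name in FILE_TABLE.values():
        with open(os.path.join(base, name), "wb") as fh:
            fh.write(b"%PDF-1.4 constructed sample " + name.encode())
    return base

def resolve_download(base_dir, file_id, file_table=FILE_TABLE):
    """Map an id to an absolute path inside base_dir, or None.  The realpath
    check stops a bad table entry or a symlink from escaping base_dir."""
    name = file_table.get(file_id)
    if name is None:
        return None
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, name))
    return path if os.path.commonpath([base, path]) == base else None

def download_headers(path):
    """Headers that make the browser show its save-as prompt; only the
    basename is exposed, never the server-side path."""
    return [("Content-Type", "application/octet-stream"),
            ("Content-Disposition",
             'attachment; filename="%s"' % os.path.basename(path)),
            ("Content-Length", str(os.path.getsize(path)))]

def serve(base_dir, session_authenticated, file_id, write):
    """Called by the download page after validating the session.  Streams the
    file a block at a time and returns (status, headers, bytes_sent)."""
    if not session_authenticated:
        return 403, [], 0          # do not reveal whether the id exists
    path = resolve_download(base_dir, file_id)
    if path is None:
        return 404, [], 0
    sent = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK_SIZE), b""):
            write(block)
            sent += len(block)     # usable for bandwidth accounting
    return 200, download_headers(path), sent
```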
