global.asa and global.asax

TheMSsForum.com: The Microsoft Software Forum

I have windows 2003 server running with IIS5 and I have enabled to use
asp and asp.net.

What I am trying to do is this.

I have a page from server1, lets say it's
http://www.server1.com/searches/results.asp or
http://www.server1.com/searches/results.aspx, depending whether I use
asp or asp.net. on server1, the member has already logged in and did a
search for a image file.

this page shows search results and differents images people can
download. and for each result you can download an image. You can
either download one or how mnay images you want that are on the search
results page. I am using http://www.informatik.com/tiffdll.html to
merge images if they chose more than one image to download.

the images however are one server2 in the
http://www.server2.com/images/download directory. and in the download
directory there subfolders for the different types of image files.

I would like to set something up where the server2 would only let
members download from the server 1 link in the downloads directory.

I have read some on http_HTTP_REFERER but that's not always 100%, Can
someone please lead me the right way, should I be using global.asa or
global.asax???? I just need some kind of rule where the downloads
directory will only be accessable in server2 from using only the link
provided by server1.

thanks in advance.
Top

Re: global.asa and global.asax by Samir

Samir
Thu May 26 13:44:01 CDT 2005

I need to add this also, I just don't want the files to be downloaded
directly by just typing the url, ie.
http://www.server2.com/images/download/dir1/imag1.tiff or
http://www.server2.com/images/download/dir1/imag2.tiff or
http://www.server2.com/images/download/dir2/imag1.tiff so on and so
forth.

I was reading about rewriting urls and using folder redirection but
would this prevent the member from direct file downloading by typing
the url?

Top

Re: global.asa and global.asax by Kristofer

Kristofer
Sat May 28 10:14:58 CDT 2005

Hi,

The communication between the webclient and the webserver is very simple.
The client sends a request, and the server responds to this request. The
server does not know about other requests the client has sent (the HTTP
protocol is stateless).

So what you want to do is impossible. The server does not in any way know
what the client (user) did to issue a GET request for the image.
Furthermore, you have two servers, which complicates this even more (if
there were only one server, you could make sure that the user was logged
on, and in that way prevent others from downloading the images).

The referer can be used, but since it is something the client sets, and
sends to the server, the client may choose to not send it, or send a false
referer.


--
Regards,
Kristofer Gafvert (IIS MVP)
www.gafvert.info - My Articles and help
www.ilopia.com


Samir wrote:

> I have windows 2003 server running with IIS5 and I have enabled to use
> asp and asp.net.
>
> What I am trying to do is this.
>
> I have a page from server1, lets say it's
> http://www.server1.com/searches/results.asp or
> http://www.server1.com/searches/results.aspx, depending whether I use
> asp or asp.net. on server1, the member has already logged in and did a
> search for a image file.
>
> this page shows search results and differents images people can
> download. and for each result you can download an image. You can
> either download one or how mnay images you want that are on the search
> results page. I am using http://www.informatik.com/tiffdll.html to
> merge images if they chose more than one image to download.
>
> the images however are one server2 in the
> http://www.server2.com/images/download directory. and in the download
> directory there subfolders for the different types of image files.
>
> I would like to set something up where the server2 would only let
> members download from the server 1 link in the downloads directory.
>
> I have read some on http_HTTP_REFERER but that's not always 100%, Can
> someone please lead me the right way, should I be using global.asa or
> global.asax???? I just need some kind of rule where the downloads
> directory will only be accessable in server2 from using only the link
> provided by server1.
>
> thanks in advance.
Top

Re: global.asa and global.asax by Kristofer

Kristofer
Sat May 28 10:20:27 CDT 2005

Rewriting URLS, or using folder redirection will not help to protect your
content.

You need to understand that the client sends a request (typically GET),
and the server responds by either sending the content, or not sending the
content. Rewriting the URL, or using folder redirection will
just...rewrite the URL (which will still point to the same location in the
end), or redirect the client to another location.


What are you trying to accomplish? Do you want to prevent unauthorized
users from downloaded images? One way would be to authenticate the user,
which can be done with a custom written ISAPI filter. Authentication can
also be done with ASP.NET (you can map .tiff to the ASP.NET dll).

But, you will not be able to share the authentication between multiple
servers, because Internet Explorer (and other browsers) will refuse to do
that.


--
Regards,
Kristofer Gafvert (IIS MVP)
www.gafvert.info - My Articles and help
www.ilopia.com


Samir wrote:

> I need to add this also, I just don't want the files to be downloaded
> directly by just typing the url, ie.
> http://www.server2.com/images/download/dir1/imag1.tiff or
> http://www.server2.com/images/download/dir1/imag2.tiff or
> http://www.server2.com/images/download/dir2/imag1.tiff so on and so
> forth.
>
> I was reading about rewriting urls and using folder redirection but
> would this prevent the member from direct file downloading by typing
> the url?
Top

Re: global.asa and global.asax by Samir

Samir
Wed Jun 01 15:52:51 CDT 2005

I resorted in using www.isapirewrite.com and works, so far it's doing
what I ask it to do. thanks for answsering my question.

Top