Restricting Access to a directory

[ChrisRath]

What I have is a directory full of .PDF files that I want to restrict access
to. I would like the end users to access these files via ASP scripts that can
use programming logic (via a db) to determine whether the user has access
rights to a particular PDF file.

Restriction 1: All users are running in an ASP session as IUSR (I am not using
a Windows login).

Restriction 2: The user should not be able to access the files by manually
entering the URL of the PDF file.

What I basically want is to have the ASP filter the requests to the PDF
documents. Problem I have is that the ASP scripts seem to operate under the
same file restrictions as the end user (i.e. the ASP scripts have their file
rights restricted to the IUSR account).

Problem is, if I restrict access of the directory for the IUSR account, the ASP
scripts can not access the files. If I open it to IUSR, the ASP scripts can
access it, but I lose control over which particular files can be accessed?

Is there a way to have access rights within an ASP script on the server side
that does not open up the directory or files to the end user?

Thanks,
Chris Rathman

[Ken Schaefer]

a) Put the .pdf file outside the webroot

b) Use the ADO Stream object to read in the binary data, and
Response.BinaryWrite the data to the client as required.

Cheers
Ken

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"ChrisRath" <chri...@aol.com> wrote in message
news:20020826205801...@mb-fg.aol.com...

[Chris Rathman]

Thanks for the help. Works like a charm.

Chris Rathman,
Dresser, Inc.

"Ken Schaefer" <ken...@THISadOpenStatic.com> wrote in message news:<uOX2$jYTCHA.3620@tkmsftngp08>...