Say that I have a bunch of PDF documents on my web server uploaded to my web server by my user-system.
Say that they are top secret or very personal; could fx. be a paycheck, a customer contract or an invoice.
How do I hide the PDF-documents from the world, but make it visible and downloadable for users logged into my user-system?
Is this anyway possible?
I am using a fully dedicated Microsoft Web Server 2008 with SQL Server 2008 and IIS7. And I am server-scripting with ASP Classic.
And yeah, I have been googling the scenario and I really can’t find a specific example on how to do this. Which also lets me believe, that it is not possible :/
First of all you could use some ugly ASP code to pump contents of a PDF to the client but I’ll not steer you that way when you have lovely modern server to play with.
Hopefully you haven’t got any old ISAPI filters that require a classic pipeline. Hence your application pool will be running the integrated pipeline.
I believe you can use the ASP.NET global.asax page filter incoming requests even for static content in the integrated pipeline. The
AuthorizeRequestmight be a good place to put your code.You will probably need to adjust your existing logon system (which probably depends on ASP Session) to also add an additional session cookie (one whose name and value you dictate) to the response for a logon request.
You would place the PDF files under some sub-folder in your application. Your code in the
Global.asaxcode-behind could then determine if the incoming request is for that sub-folder, if it is it could examine the cookies on the request to determine if your session cookie is present and that it has a valid value.This has two advantages:-