Hello, I think an easy way could be using an authentication level in ASP. To give just a possible solution, - Create a database role(directly in the database where PDF data are stored) , for example PDFReaders, and set the necessary select or EXEC permissions, - Create database users (as much as you need) and add all of them to the Role PDFReaders - When connecting to the database use the information provided by the user on the logon page. They should provide the system with their SQL account's username and password. And you should use this username and password in the connection string. Or just another solution(much simpler but if it is ok with your environment), Restrict access to the website to certain IP addresses (in this case only your company). In IIS it seems as if it is possible to restrict access on file or directory level as well as the website level. For example you can say don't allow those IP addresses to view this HTML page or un this ASP script.
-- Sedat Dogru Mauri G�mez wrote: >Hi all. I have an intranet website programmed in asp which users log in with >a user and a password stored in a MS-SQL Server table. There I have private >information of my company stored in pdf format, so when people is logged in >can read and get this documentation. Till here all is correct. >The problem I�ve detected is that if anybody outside of the company types >the exact url adress in his browser of any pdf document stored in the >website, they can get the document without being logged in. I would like to >add some kind of permissions to this files, but I think that i cannot do >this in an asp page... > >Any ideas? > >Thanks in advance > >Mauri > > >. > > >
