This content has been marked as final. Show 3 replies
If you were delivering a single package, such as a zip, a pdf, or something to download, you could move the files outside of a web accessible directory and then deliver the files with cfheader and cfcontent.
Since you are trying to protect htm pages along with standard elements such as images, you have to protect at the IIS level. Since the built-in IIS authentication isn't going to do it for you, you need to look into ISAPI filters. Information is a little sparse, but there is a commercial solution that would lock down directories based on a database.
> Several posts indicated that I would need to disable anonymous access within
> IIS and then create the individual user accounts within Administrative Tools >
> Computer Management > Users and Groups. However, in this case, I don't want to
> create thousands of new users within windows.
How many users did you have in your .htaccess config? That's how many
you'd need to set up in IIS. With IIS & file system permissions you're
effecting the same thing you would with Apache's .htaccess authorisation.
Except using GUI tools rather than text files; it's the same principle,
Or... you could just install Apache and use that instead, sticking with the
approach you're used to.
Adam, I would like to stick with IIS. There are thousands of user accounts so I would prefer to use MSSQL to store the accounts.
wigginton, thanks for your tip. That software package looks like it might do exactly what I need. Does that package use ISAPI filters? I wonder if it would be worthwhile to develop my own solution using ISAPI filters. From the description of the prodict it looks like you can create a bridge between IIS and MSSQL.
I'll do some more research on ISAPI filters and ColdFusion. Google hasn't yielded too many useful resources thus far.