This content has been marked as final. Show 3 replies
To protect the content, the usual method is to store the files on a secure server (SSL), and provide a single .asp page to log in, as an entryway to the knowledgebase.
This way, the user can't make an end run around the log in page, and access the content directly.
I think putting the robohelp files into a secured folder will simply make the files not searcable. Once someone has the direct link to the main file, they could sent it to anyone and it would not force them to login.
I want to lock down the main robohelp file and change the file from htm to asp so I can include the asp code to require login.
Let me know if this is possible.
I will try to provide a more comprehensive answer.
So.. limiting access.. Usually it will depend on what web server you're running on, and also to some extent what platform you're developing on. The easiest way is to restrict file level permissions to some directories. In Windows, this is done at the file level, and in the web server you must tell the system to use basic authentication and restrict anonymous access for those directories you're protecting. In this case, it's best to create users on the web server with very limited rights to the machine - typically only read access to those directories you want them to be viewing. Then in the web server management console, disable anonymous access for those directories you want to restrict.
It's possible to do the same thing programatically. With ASP, the effort is pretty great. You'll need a database with a list of users and some way of assigning rights to them (either by defining roles for which the users are members, or doing something more tightly coupled to the content, such as defining what directories or folders they'd have access to. These definitions would be in the database. Something like a Users table and a Roles table or a Users table and a Files/directories table.). Then, in each of the ASP pages, the opening code on each page would need to check the users cookie or session variable for a username, and then compare that to the access rights that were defined in the database tables.
In new ASP.Net (1.1, 2.0), the process is much simpler. It has "providers" that really make web authentication very simple - nearly drag and drop with little to no special configuration of the web server other than making sure it supports the .net. There are some good links to the web on how to do this, and some free tools for writing an asp.net application ( ASP Web Matrix, for instance).
As for the search engine, it would depend on how you're indexing content, and how the engine functions. Robohelp's search will work, but controlling access based on users will demand more. Many search engines will have an indexing service running as an uber-user, so that it can see everything, but for searching, users only get results for those items to which they have access.