...

View Full Version : accessing password protected directory by script



patrick t
12-23-2004, 11:20 AM
How can I get access to a file (1.tif) that is in a password protected directory (pswdir) by an asp script that is on the same server? The user name and password of that directory should be in that script. Is there an asp script for this?
The purpose of this is to allow website members to watch a file, not members may not watch it.

freeasphelp
12-24-2004, 12:26 AM
Try using XMLHTTP, to provide the authentication:

<%
Option Explicit

Dim strURL, strUserName, strPassWord
strURL = "http://www.mydomain.com/"
struserName = "UserName"
strPassWord = "PassWord"

Dim objXMLHTTP
Set objXML.HTTP = Server.CreateObject("Microsoft.XMLHTTP")
Call objXMLHTTP.Open("GET", strURL, False, strUserName, strPassword)
Call objXMLHTTP.Send()
If objXMLHTTP.Status <> 200 Then
Response.Write(objXMLHTTP.responseText)
Set objXMLHTTP = Nothing
Else
Response.ContentType = "image/tiff"
Response.AddHeader("Content-Disposition", "attachment; filename=""1.tif""")
Response.Charset = "UTF-8"
Response.BinaryWrite(objXMLHTTP.responseStream)
Set objXMLHTTP = Nothing
End If
%>

patrick t
12-24-2004, 12:41 PM
Thank you for your help,

I' ve saved the script into an asp file (script.asp) and put on the server outside the password protected diretory

I changed:
line 10: changed into : objXMLHTTP
http://www.mydomain.com/ into the URL to the password protected directory
UserName into the real UserName
strPassWord into the real strPassWord


when I did ask for the script.asp file I received in the browser the error message that was in the script :
' An error occurred! '


when I changed on line 13 <> into <

I received an error message:


Response object error 'ASP 0106 : 80020005'

Type Mismatch

/script.asp, line 17

An unhandled data type was encountered




line 17 is 'Response.BinaryWrite(objXMLHTTP.responseStream)'


What did I do wrong?

freeasphelp
12-24-2004, 08:17 PM
Then either the document don't exist or authentication failed. check username and password, I changed my code so now it will show you the error.

patrick t
12-24-2004, 10:47 PM
the username and password are correct
for the moment the document that is in the password protected is not included in the script. Is this correct?


After I installed and asked for the new script the server stopped processing .asp pages. There is no error message. Just an empty screen.
An .asp page with only <% =time %> in it is not processed anymore. the website is not available anymore. only files like .htm .tiff are available for the moment.

I asked the provider for the cause and let you know

thank you

freeasphelp
12-24-2004, 11:32 PM
strURL should be the full URL to the file, as you would try to access it in a browser, basically XMLHTTP is a simple browser that, so give it the full URL to the file and it should work if all is configured correctly.

patrick t
12-25-2004, 09:40 AM
Thank you,

When I process the code with:
- IE : I receive an http 500 error message
- mozilla: the download starts, not with the wanted 1.tiff file but with the
the title of the .asp file that I had downloaded to the server: script2.asp further it said:" mozilla does not know how to handle this it is of type image/tiff".
when I opened the downloaded script2.asp with mozilla it said:

Response object error 'ASP 0106 : 80020005'
Type Mismatch
/script2.asp, line 18
An unhandled data type was encountered.

freeasphelp
12-25-2004, 09:11 PM
Did some debugging of my code, it should work now:
<%
Option Explicit

Dim strURL, strUserName, strPassWord
strURL = "http://www.yourdomain.com/pswdir/1.tiff"
struserName = "UsernName"
strPassWord = "PassWord"

Dim objXMLHTTP
Set objXMLHTTP = Server.CreateObject("Microsoft.XMLHTTP")
Call objXMLHTTP.Open("GET", strURL, False, strUserName, strPassword)
Call objXMLHTTP.Send()
If objXMLHTTP.Status <> 200 Then
Response.Write(objXMLHTTP.responseText)
Set objXMLHTTP = Nothing
Else
Response.ContentType = "image/tiff"
Response.AddHeader "Content-Disposition", "attachment; filename=""1.tiff"""
Response.Charset = "UTF-8"
Response.BinaryWrite(objXMLHTTP.responseBody)
Set objXMLHTTP = Nothing
End If
%>

patrick t
12-25-2004, 11:12 PM
John,

Thank you very much for your help and script. It works excellent with IE and mozilla

question: is it safe to transfer a password this way? Can hackers retrieve the password?

Merry Christmas

freeasphelp
12-25-2004, 11:35 PM
Well the only way for a hacker to get access is if you have a flaw in your server or code that protects your ASP pages. It is safer, cause you don't have to give out the Username and Password. I think you should be ok.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum