A Day Late

I’ve been working on a problem at work for almost 7 hours and I’m no closer to finding a solution. I’d give up if I wasn’t sure someone else has had the same problem. Here’s what’s going on. On our server we use coldfusion and use application security throughout our site. When someone logs in to our site we set various cookies and session variables. On pages that require security we check for the proper credentials and then load the page. If the proper credentials are not found the user is redirected to the login page. However, that approach only provides security for files coldfusion recognizes (CFM and CFC files). PDF, word document files are available for anyone to see.

This hasn’t really been a problem until recently. We allow all employees a certain amount of web space to post files and other documents in their own web folders. On numerous occasions we’ve told them NOT to upload files with information that should remain confidential. Apparently that’s not working because they keep doing it. The problem is, most of the files they upload are word documents, pdf’s, etc which cannot be put under our coldfusion application security.

I figured a good solution would be to implement directory security on those folders and require basic authentication. This would authorization to access any file. I want to create a single username on the server with access to that folder. When a user logs in to our site, throught the coldfusion mechanism, we also do a transparent login using this special username and password using Basic Authentication. Problem is I can find NO way to do this. I thought I could manipulate the authentication-info header but that doesn’t seem to be working. I’m having a hard time believing it’s not possible to have application security AND directory security. If only I could use mod_rewrite I wouldn’t have to worry about directory security, but sadly this is a Microsoft IIS server. If I haven’t figured this out in the next half hour I might have to beat my head against my desk.

This entry was posted on Wednesday, March 9th, 2005 at 3:41 pm and is filed under Programming, Windows/Microsoft, Work. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.