Directory Security in IIS

ITLogic() · 11-10-2005, 09:37 AM

I apologize if this has been asked already. I am hosting with an IIS server. On there I have a directory called invoices where I store a bunch of pdf files of customer invoices. When the customer logs on to the site, they can get a list of paid and unpaid invoices. Each line item has a link to thier appropriate pdf invoice.

The problem is if I type in the URL www.com/invoices/100.pdf, I can see that pdf regardless of who owns it. I know in Apache you can set up a .htref file to password protect the folder. How do I secure a folder in IIS so that I can get to the contents of it by a provided link, but not directly through the URL.

Thanks!

11-10-2005, 09:37 AM	#1 (permalink)
ITLogic() Registered User Join Date: Sep 2004 Location: New Orleans Posts: 110 OS: Win XP Home	Directory Security in IIS I apologize if this has been asked already. I am hosting with an IIS server. On there I have a directory called invoices where I store a bunch of pdf files of customer invoices. When the customer logs on to the site, they can get a list of paid and unpaid invoices. Each line item has a link to thier appropriate pdf invoice. The problem is if I type in the URL www.com/invoices/100.pdf, I can see that pdf regardless of who owns it. I know in Apache you can set up a .htref file to password protect the folder. How do I secure a folder in IIS so that I can get to the contents of it by a provided link, but not directly through the URL. Thanks!