Hi,
I'm trying to use Advanced Security to secure PDF files.
Already I have the basic security tactic of "not showing" the link unless it is an authorized user. My difficulty comes when I try to lock the directory such that a bookmarked PDF won't automatically update. With my application there is a high probablity that multiple people with different permissions will use the same browser and since the PDF reports can contain medical information, I need to lock down browsing directly to a file.
Complicating this picture, I can't create an NT login for every user, nor is it feasible to give out a generic username/password to each person who views this info.
So far, I've created a context that authorizes approved users to view *.pdf files in a given directory. Unfortunately, this doesn't seem to be preventing PDF files from being loaded.
My question is: Am I on the right track? Maybe this can't be done at all? Do I have to turn off the webserver's access to that directory or something like that? I get one of two errors... an NT auth box (web permissions removed), or the file comes up when the user is not authorized to see it.
Thanks for the help,
Rick Walters aka LifeIsFun
I'm trying to use Advanced Security to secure PDF files.
Already I have the basic security tactic of "not showing" the link unless it is an authorized user. My difficulty comes when I try to lock the directory such that a bookmarked PDF won't automatically update. With my application there is a high probablity that multiple people with different permissions will use the same browser and since the PDF reports can contain medical information, I need to lock down browsing directly to a file.
Complicating this picture, I can't create an NT login for every user, nor is it feasible to give out a generic username/password to each person who views this info.
So far, I've created a context that authorizes approved users to view *.pdf files in a given directory. Unfortunately, this doesn't seem to be preventing PDF files from being loaded.
My question is: Am I on the right track? Maybe this can't be done at all? Do I have to turn off the webserver's access to that directory or something like that? I get one of two errors... an NT auth box (web permissions removed), or the file comes up when the user is not authorized to see it.
Thanks for the help,
Rick Walters aka LifeIsFun