Ok, I've got a bit of an odd scenario.
I've been tasked with taking a legacy (static html w/frames) intranet site and authenticating it securely (HTTPS/LDAPS) against our coorporate LDAP directory. I have a very short time to work on this as it is due in roughly 2-3 weeks, so I don't have the time to redesign the site.
The site has three frames; 1)header, 2) left side menu and 3) body.
It serves several types of documents including static html pages, MS document files and pdf files.
I've worked out the auth code and basic sessions. Where I am stuck is on validation of user credentials on subsequent pages. How can I go about ensuring that a user is logged in before serving up pages?
For the static html pages, I have written an include file that checks the session variables and dumps them back to login if they are not logged or their session has expired. Where I am running into problems is in figuring out how to ensure that any document will do validation checks.
For example, if a user was to type in the direct URL to a pdf file, how can I make sure that they are authenticated before serving the file? Is there some sort of directory based access I can implement (i.e., check credential before serving something out of a directory)?
Regards,
Jacob
