Deny anonymous access to webpages and files

[ofirkif]

Hi everyone,
I have a business site that I need to secure.
I wrote the site in ASP and the platform is IIS 7.
I need that the users must login to see the web pages and the photos.
I mean that just authorized users will have access.

The first way i thought is to make ASP session after validating the user and password of each try via SQL database, this is good way I think and I know to do so.
Now by this way any anonymous user will not have any access to webpages, but the problem is that if the user will type direct photo URL like mydomain.com/images/1.jpg any user have access and even anonymous can see them.
I need that only sessioned users will have access, those that not authorized, I want to deny.
How can I do it?
Your help will very appreciated as I tried so many searches and didn't find anything helpful.
Thank you!
Ofir

[PeejAvery]

Written for IIS 7...I'm guessing that you're using ASP.NET and not ASP classic then. Would you like me to move this to the ASP.NET forum?

[ofirkif]

Hi PeejAvery,

That's the issue, I wrote my entire website with classic ASP, and not ASP.NET.
Because this I need to maybe use a combination of Authentication method of .NET and use it for the entire directory files and all .ASP files I wrote as well.
Please do you have any suggestions for me?
P.S - I don't know ASP.NET, just very very little about web.config file because I read some articles on the web about it.
Hope to find a solution with your help guys...
Thanks!

[PeejAvery]

ASP classic can do that too...I'd suggest starting here. Just remember that since you're in classic, your solutions are out-of-date.