forms authentication and deny access to all files


I have created a "restricted" page with the forms authentication and it's working well.

<authentication mode="Forms">
    <forms loginUrl="login.aspx" defaultUrl="documents.aspx" />
</authentication>

<location path="documents.aspx">
    <system.web>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</location>

I would like to deny access to a folder and all the files that it contains depending on this authentication. Basically, documents.aspx has a document list that you can download. If I try to access www.mywebsite.com/documents I'm automatically redirected to login.aspx. I added the following Web.config in my Documents folder:

<?xml version="1.0"?>
<configuration>

  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>

</configuration>

However, if I know the path of a document, for example www.mywebsite.com/documents/test.pdf, I can access this file.

My question is: How can I deny access to all the files in the Document folder if you are not authenticated?

1

There is 1 answer

0
Pankaj Toshniwal

Put all your PDF documents in a folder and set a restriction on that folder like this:

<location path="FolderName">
    <system.web>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</location>
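
An added example, not part of the original question or answer: the `<deny users="?"/>` rule is enforced by ASP.NET's `UrlAuthorizationModule`, which on IIS 7+ in integrated pipeline mode (an assumption about the hosting setup) is registered by default only for requests served by managed handlers, so a static file such as test.pdf is not checked. This root Web.config re-registers the authentication and authorization modules for every request and applies the rule to the folder; `Documents` is the folder name from the question.

```xml
<?xml version="1.0"?>
<!-- Added example: root Web.config.
     Assumes IIS 7 or later with an integrated-pipeline application pool. -->
<configuration>

  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" defaultUrl="documents.aspx" />
    </authentication>
  </system.web>

  <!-- Deny anonymous users ("?") for everything under the Documents folder. -->
  <location path="Documents">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <system.webServer>
    <modules>
      <!-- The default registrations carry preCondition="managedHandler",
           so they are skipped for static content (.pdf, .jpg, ...).
           Re-adding them with an empty preCondition makes them run
           for every request, including static files. -->
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication"
           type="System.Web.Security.FormsAuthenticationModule"
           preCondition="" />
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication"
           type="System.Web.Security.DefaultAuthenticationModule"
           preCondition="" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization"
           type="System.Web.Security.UrlAuthorizationModule"
           preCondition="" />
    </modules>
  </system.webServer>

</configuration>
```

To check the result, request /Documents/test.pdf from a browser session that has no authentication cookie; the response should be a redirect to login.aspx instead of the file.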