ASP.NET Protect files inside folder

Question

I have a shared hosting account in which I upload my ASP.NET application. I let the user upload .doc files inside a folder, the problem is I only want logged users to be able to download those files, so I wrote a dispatcher, you give it the id and it reads the file and writes it to the browser, hiding the file location, nevertheless I want to protect the directory where all the files are, so you can only download files using the dispatcher, I tried marking it as a password protected directory, but now ASP.NET can't get access either.

score 2 · Answer 1 · answered May 02 '12 at 12:18

2

You need to restrict the NTFS permissions on that folder to only allow the user your applicaiton is running as. This might be difficult in a shared host environment...

answered May 02 '12 at 12:18

cjk

45,739
9
81
112

score 1 · Answer 2 · edited May 23 '17 at 10:34

1

The ideal solution would be to move the folder outside of the site root but I guess as you are using shared hosting this may not be possible.

One other solution would be to move docs to the App_Data folder which is protected by .NET (see here What is the App_Data folder used for in Visual Studio?)

edited May 23 '17 at 10:34

Community

1
1

answered May 02 '12 at 12:24

Kevin Main

2,334
17
28

ASP.NET Protect files inside folder

2 Answers2