How to prevent download of files to unauthenticated users

Question

I have a website into which users log in using forms authentication, with a folder path from which I do not want any unauthenticated users (those users not logged in) to download files from. How can I implement this?

Thanks,

Sachin

are you using form authentication to authenticate registered users? — Waqas Raja, May 24 '12 at 12:16
Check this other question to see if helps http://stackoverflow.com/questions/2903292/how-do-i-protect-static-files-with-asp-net-form-auhentication-on-iis-7-5 — Claudio Redi, May 24 '12 at 12:24

score 3 · Accepted Answer · answered May 24 '12 at 12:27

3

You can do this through configuration, see http://msdn.microsoft.com/en-us/library/8d82143t.aspx

<location path="Files">
   <system.web>
     <authorization>
       <deny users="?"/>
     </authorization>
   </system.web>
</location>

answered May 24 '12 at 12:27

magritte

7,396
10
59
79

Yes, but I tend to use IISExpress now when developing locally instead of Casini which was a bit limited. See http://weblogs.asp.net/scottgu/archive/2010/06/28/introducing-iis-express.aspx – magritte May 24 '12 at 12:45

score 0 · Answer 2 · edited May 23 '17 at 12:20

0

You can make function to download (on server side) where you will check current login and then send path to file for accessible people.

Here you can see another ways get-files-if-login

edited May 23 '17 at 12:20

Community

1
1

answered May 24 '12 at 12:24

Likurg

2,742
17
22

score 0 · Answer 3 · answered May 24 '12 at 12:41

0

Place the file in an authorised folder. so that if unauthorised users come to that folder. they will be redirected to login page to get authorised.

answered May 24 '12 at 12:41

Kishore Kumar

12,675
27
97
154

How to prevent download of files to unauthenticated users

3 Answers3