0

I have a website contains following structure, it will be deploy to Azure Web App:

~\Home\Files\(kk.jpg) (ff.pdf) (aa.xls)....
~\Home\Download.aspx
~\LogIn.aspx
~\Web.config

Rules:

  1. Only login users can see anything in the "Home" directory.

  2. Especially, I want to restrict any un-login users access any file in the "\Home\Files\" directory.

Here is my web.config file:

 <system.web>
    <authentication mode="Forms">
        <forms name=".SCKi" loginUrl="LogIn.aspx" protection="All" path="/" timeout="30" requireSSL="true"  />
    </authentication>
    <authorization>
      <deny users ="?" />
      <allow users = "*" />
     </authorization>
</system.web>

Can any one help me apply the rules?

DIY-DS
  • 243
  • 4
  • 16
  • have you checked permissions to that folder ? http://stackoverflow.com/questions/4396913/how-to-check-read-and-write-permissions-on-folder-in-c-sharp – Eldar Zeynalov Mar 30 '15 at 08:56

2 Answers2

0

You need to lock access on specific folders using location tag in web.config.

<location path="Home/Files">
<system.web>
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>

This will come under configuration tag

Mairaj Ahmad
  • 14,434
  • 2
  • 26
  • 40
  • The question is when I deploy it to the server, if I enter the path say "www.mywebsite/Home/Files/Test1.txt" in the browser, I can still see the txt file in the browser, without log in. – DIY-DS Mar 30 '15 at 09:11
  • Yes you will have to write this in web.config to restrict users without login. – Mairaj Ahmad Mar 30 '15 at 09:17
  • I put it in there like this, but still can access ` ' – DIY-DS Mar 30 '15 at 09:19
0

You are allowing everyone in:

Change to this:

<allow users="?" />

E remove the deny option

MikaelF
  • 3,518
  • 4
  • 20
  • 33
Vinster
  • 1