Deny access to 'Upload' folder in web.config for all users in Asp.net MVC 5

Question

I want to dis-allow access to Upload folder, where the files from authorised users are being stored. I want to restrict http://domain.com/Upload/filename.ext. I have tried location tag in root web.config as

<location path="Upload">
    <system.web>
      <authorization>
        <deny users="*" /> 
      </authorization>
    </system.web>
  </location>

But still the URL: http://domain.com/Upload/filename.ext is accessible. I have also tried adding web.config to Upload folder as

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
    <system.webServer>
        <directoryBrowse enabled="false" />
    </system.webServer>
</configuration>

But still no use. Also I have followed some existing posts on Stack Overflow: Deny users to access a folder How to restrict folder access in asp.net Deny access to 'admin' folder in web.config & more but nothing is working for me. I am using authentication-

<authentication mode="None" >
        <forms loginUrl="~/Account/Login" protection="All" path="/" timeout="15" requireSSL="false" domain=".domain.com"/>
    </authentication>

Need help on this security issue...

Are you using IIS as a web server? – teo van kot Aug 01 '16 at 08:05 — teo van kot, Aug 01 '16 at 08:05
@teovankot yes, I am using IIS8 on windows server 2012 R2 – SarangK Aug 01 '16 at 08:26 — SarangK, Aug 01 '16 at 08:26

Deny access to 'Upload' folder in web.config for all users in Asp.net MVC 5

0 Answers0