How can I deny access to my virtual directory, to those who havent logged into my asp.net website yet?
I've hooked my website up to a virtual directory setup on my server (using IIS 7). The VD contains pdf files, that I want only logged in users to be able to access. My problem however, is I can't seem to "deny" anonymous users from accessing the files either. Currently, if I type the direct path to a pdf file within my virtual directory, I can access it, even if I'm not logged into my site.
I have a web.config file setup in the root of my virtual directory, which looks like this:
<?xml version="1.0"?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
Any idea how to fix this?
Thanks
Here:
<?xml version="1.0"?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
</system.web>
</configuration>
The <deny users="?"/>
will deny anonymous users while <allow users="*"/>
will allow all authenticated users
reference : Setting authorization rules for a particular page or folder in web.config
单击您具有“身份验证”的IIS下的虚拟目录,然后单击该目录,您将看到“匿名身份验证”将其禁用。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.