How would I set a directory to where only authenticated users could access the files?
In other words I need to make sure that only people that are logged in can access the images and other person data with a web.config.
What are the settings?
Here is what I've got so far but it does not stop users that are not logged.
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
My web.config file with most of the information removed. If you could place that configuration info where it goes so that no one that is on my site can access a folder called users unless they are logged on.
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings configSource="cnn.config" />
<appSettings configSource="app.config" />
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime requestValidationMode="4.5" targetFramework="4.5" encoderType="System.Web.Security.AntiXss.AntiXssEncoder, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<machineKey compatibilityMode="Framework45" />
<authentication configSource="authentication.config" />
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Optimization" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.WebPages" />
</namespaces>
<controls>
<add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" />
</controls>
</pages>
<membership configSource="membership.config" />
<roleManager configSource="roles.config" />
<profile configSource="profile.config" />
<!--<sessionState mode="InProc" customProvider="DefaultSessionProvider">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>-->
</system.web>
</configuration>
Have a look at this article: HOW TO: Control Authorization Permissions in an ASP.NET Application
In short you can set folder permissions like this:
<configuration>
<location path="images">
<system.web>
<authorization>
<deny users ="?" />
</authorization>
</system.web>
</location>
</configuration>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.