ASP.NET folder access only to logged in user.
Question
I am working on a project in asp.net where i store some files in a directory say temp. I want to give access to that folder and its contents only to the users who are logged else it should show access denied.
i have tried
<system.web>
<authentication mode="Forms">
<forms loginUrl="Default.aspx" defaultUrl="Default.aspx" ></forms>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="temp">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
but it's not working.
what am i doing wrong ? what should be the right approach ?
1 answers
solution1
2 2012-12-21 08:45:10
First, forget about modifying the global web.config , there is no need for that. You just create an auxiliary web.config in the mentioned folder and put:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</configuration>
inside.
Second, this won't work for static files that do not pass through the ASP.NET pipeline. This is tricky, as the development server serves requests to all files and the problem arises only when you deploy your application to IIS.
You would have to add
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
It tells IIS to process all possible requests (including requests to static resources) with ASP.NET pipeline. This has its drawbacks, though, as it could potentially slow down the server a little bit.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.