I worked long time back on a website and it has been working fine, recently a problem has been reported, which I need to go through.
In my site there is a folder named repository, which contains files like word and PDF documents and ideally only logged in users are allowed to download them but now it has been observed that anyone who is not logged into the website, can even also download them :(
Is there any wayout to handle it without moving the folder out of the web directory? Like making that folder password protected and only my pages can access the content, any code sample or link will be of high use.
My web application is in ASP.NET 2.0 with C# and server has IIS 6.0.
Thanks in Advance
Edit:
My Web.Config has these tags in it:
<authentication mode="Forms">
<forms slidingExpiration="true" loginUrl="Login.aspx" defaultUrl="HomePage.aspx" name=".ASPXMAIN" timeout="30">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
Use the <location /> tags in the web.config, http://msdn.microsoft.com/en-us/library/b6x6shw7(v=vs.71).aspx
<location path="content">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
See this answer for more links to msdn documentation: https://stackoverflow.com/a/4280257/426894
You can try with this config in your Web.config (location permit you to define path)
This sample use roles in order to design profil.
Also use users in order to design user.
<location path="~/MembersOnly" >
<system.web>
<authorization>
<allow roles="Members"/>
<deny users="?" />
</authorization>
</system.web>
</location>
来源:https://stackoverflow.com/questions/12319020/securing-a-folder-in-asp-net-web-directory