.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Help with authorization in web.config to deny access to files in a folder

Posted By:      Posted Date: October 15, 2010    Points: 0   Category :ASP.Net


I have a web site that has a folder called Files that contains PDF files.  These PDF files should not be accessible to people who have not signed in to the web site. 

The login URL is www.mysite.com/Account/Login.aspx and the register URL is www.mysite.com/Account/Register.aspx. 

Once the person is signed in they can go to www.mysite.com/Documents/Documents.aspx.  This page has a gridview that lists the PDF files in the Files folder with a link to them.  If the person is not signed in, he/she can't view this Documents.aspx page.  However, if anyone has the URL to the PDF files, they can view those files without having to sign in.

How can I prevent someone from accessing the PDF files in this folder?

The site is hosted on GoDaddy using IIS 6.0.

Thanks in advance.

View Complete Post

More Related Resource Links

Why are folder web.config files excluded?

I am asking this mainly out of curiosity. When access rules are created for folders using WSAT, web.config files are generated in these folders. I thought these rules should be deployed with the application (It is at least the case for all my applications), but these file are not included after creation so they are not deployed by default. What is the rationale behind this?

Authorization tag in Web.Config in MVC folder


I created a new MVC Web Application (not the empty one -- the one with the Account controller stuff).

I created a new folder under Views and placed a new View in it.

I created a Controller for the Folder.

I created a web.config in the Folder and used this content:

 <?xml version="1.0"?>
      <deny users="?" />

When I run the app, I can visit my new View even though I'm an anonymous user.

What gives? Do the web.config authorization rules not apply to MVC? Do I have to do something to the Controller or to the web.config or to the root web.config?

Help is appreciated.



Read Access Files from Folder with SSIS

Can some body suggest how to read access files from folder location and insert the data from access Db table to Sql 2008

Clean Web.Config Files (VS 2010 and .NET 4.0 Series)

.NET 4 includes a new version of the CLR, and a new .NET 4 specific machine.config file (which is installed side-by-side with the one used by .NET 2, .NET 3 and .NET 3.5).

The new .NET 4 machine.config file now automatically registers all of the ASP.NET tag sections, handlers and modules that we've added over the years, including the functionality for:

.ASP.NET Dynamic Data
.ASP.NET Routing (which can now be used for both ASP.NET WebForms and ASP.NET MVC)
.ASP.NET Chart Control (which now ships built-into ASP.NET V4)
What this means is that when you create a new "Empty ASP.NET application" project in VS 2010, you'll find that the new default application-level web.config file is now clean and simple:

Wrong Account being used to access files - Help - No Impersonation


I run a simple .aspx website on a Windows Server 2008 machine.

There is NO impersonation, and System.Security.Principal.WindowsIdentity.GetCurrent().Name returns NT AUTHORITY\NETWORK SERVICE, which it the account which the application pool runs. In my web.config, I have <authentication mode="Forms">.


I tried to test the security of the application and server by removing file permissions to the .aspx files. I was greatly worried when the website continued to run without problem (it should not have been able to read the .aspx files).

By turning on file level auditing, I discovered that the .aspx files were being read by the machine$ account (if the machine is called Serv1, then the files would be read by the Serv1$ account, which seems to have access to all files on the local machine).


Is this a security breach or is this behaviour by design ?

Please can somebody assist, as I am worried.

Disallow Direct Access To Files



Here is my dilema, on my site i have a WordPress Audio player (http://wpaudioplayer.com/standalone) that plays my mp3's.

It loads the Mp3's in by javascript...example below:

       AudioPlayer.embed("audioplayer_7", { soundFile: "/Files/Music/[name of file].mp3" });

This file name is clearly visible in the browser source. Not a problem, however this means that any user can legitimately browse to the file directly and download it.

Now i still need the mp3 player (which is flash) to have access to the file but if a user was to try accessing the file directly, they would not be allowed access to it.

I am not sure how to go about this, i am circling the idea of a httphandler but not sure if this is sufficiant to stop the direct access to the file.

Any help would be appreciated

reading values from config files in NUnit tests


One of my NUnit tests has to read in some values from config files.  In my main application this process works perfectly well, however when I run the unit test, the code that reads in the values from the config files doesnt read anything in.  Ive tried putting app.config in my unit test project (I even tried web.config) but nothing seems to work.  Are there any special steps involved when reading from config files in an nunit test ?

NUnit and config files


Ive created an NUnit test project in my solution and have added 3 tests.  They all fail with the same error

SetUp : System.TypeInitializationException : The type initializer for 'Systems.Utils.ConstantHelpers' threw an exception.
  ----> System.NullReferenceException : Object reference not set to an instance of an object.


SetUp : System.TypeInitializationException : The type initializer for 'Systems.Utils.ConstantHelpers' threw an exception.

  ----> System.NullReferenceException : Object reference not set to an instance of an object.

heres the test method

        public void CreateDataContext_ConnectionString_ReturnsDataCon

Data Points: Deny Table Access to the Entity Framework Without Causing a Mutiny


Julie Lerman shows database administrators how to limit access to databases from the Entity Framework by allowing it to work only with views and stored procedures instead of tables-without impacting application code or alienating developers.

Julie Lerman

MSDN Magazine August 2010

The ASP Column: What's in ASP.NET Config Files?


Even though you've been using ASP. NET for a while, how much do you really know about ASP. NET configuration files? While you've probably touched the Web. config file from time to time, there are some nuances involved in configuring ASP.

George Shepherd

MSDN Magazine September 2004

Copying files to a folder on web server



I have few files in FolderA on the web server.

I want the users to select a fews files from FolderA and copy them to FolderB on the same web server.

I want to list all the files in FolderA and allow the user to select a few files and copy.

I want to copy the files programatically when the user selects a few files and click on Copy button.

How to copy the files quickly from folderA to FolderB?




How in web.config work in MVC



I would like to secure any URL below the http://MyServer/Admins and limit it to a specific role.

In webforms it was straight forward. I just put a child web.config in the /Admin/ folder and add <authorization>  <allow roles> tags to it.

How would be the equivalent technique in MVC?

Thank you,


Access Classes in an aspx page that is in folder in asp.net


I have classes in App_Code:
Connection.cs, ClientData.cs ....

I have a folder Authenticated within it have an aspx page Client.aspx

How do I access the page through Client.aspx ClientData.cs the class, because there is a mistake for me to define the class as I do, please help me!

Access denied to folder in ASP.NET project either though I have granted all users full permissions !



i have made a very simple file upload app, that i want users to be able to upload images to a folder on my server, well localhost for the time being Stick out tongue

here is the simple upload code...

        protected void ButtonRegisterDetails_Click(object sender, EventArgs e) 
            // display properties of the uploaded file 

How to restrict folder access to users and theirs only


Hi. I created a web application using "Forms Authentication". 

There is a folder name "uploads", and it creates subfolders as username when they register. Web application stores users' files and images under their folder ("uploads/username")

I tried to find a way to restrict users to download and upload files to their folder only and couldn't find a good one. 

Then I came up with this idea that stores "web.config" file each time user registers and the web.config should look like below. Username will be changed dynamically according to username.

This method actually works but I am little worried if this is a good practice as far as performance wise. Because it'll create web.config files as many as users and there might be other holes that I don't recognize. 

I appreciate any advice or better suggestion for this problem.

--------web.config in "/Root/uploads/username directory"--------------

<location path="HRpages">

How to use Resource files added to Resources Folder ?



I have added .CSS file in Resources folder of the project.In the same way i can add Images or any other files.But i am unable to use those files in Server Control Project.How to apply CssClass property to any predefined server control to the css file that is stored in the Resources folder  ?

Please guide how to use those Resource files . 

how to read config details from multiple config files

Hi, My web application contain 3 config files with different names, ex. firstconfig.config, secondconfig.config, thirdconfig.config.  Each config files have same Key Value pairs. Now what i want to do is, based on the condition i want to read specific info from specific config file. What i tried is, in Web.config files  <appSettings file="firstconfig.config"></appSettings>   In this way i get th info from that particular config file.  Now how do i get details from other 2 config files.   Can any one know abt this.   S. Ramkumar  Smiley
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend