How to deny anonymous users to virtual directory

asp.netforms-authenticationvirtual-directory

How can I deny access to my virtual directory, to those who havent logged into my asp.net website yet?

I've hooked my website up to a virtual directory setup on my server (using IIS 7). The VD contains pdf files, that I want only logged in users to be able to access. My problem however, is I can't seem to "deny" anonymous users from accessing the files either. Currently, if I type the direct path to a pdf file within my virtual directory, I can access it, even if I'm not logged into my site.

I have a web.config file setup in the root of my virtual directory, which looks like this:

 <?xml version="1.0"?>
 <configuration>
   <system.web>
     <authentication mode="Forms">
        <forms loginUrl="Login.aspx" />
     </authentication>
     <authorization>
        <deny users="?" />
     </authorization>
   </system.web>
 </configuration>

Any idea how to fix this?

Thanks

Best Answer

Here:

 <?xml version="1.0"?>
 <configuration>
   <system.web>
     <authentication mode="Forms">
        <forms loginUrl="Login.aspx" />
     </authentication>
     <authorization>
        <deny users="?" />
        <allow users="*"/>
     </authorization>
   </system.web>
 </configuration>

The <deny users="?"/> will deny anonymous users while <allow users="*"/> will allow all authenticated users

reference : Setting authorization rules for a particular page or folder in web.config

Best Answer

Related Solutions

Asp – deny ASP.NET anonymous access to all files

Cannot read configuration file due to insufficient permissions

Related Topic