Reputation: 46740
How to prevent download of files to unauthenticated users
I have a website into which users log in using forms authentication, with a folder path from which I do not want any unauthenticated users (those users not logged in) to download files from. How can I implement this?
Thanks,
Sachin
Upvotes: 3
Views: 1964
Answers (4)
Reputation: 1
Use the following code in Web.config
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
https://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" defaultUrl="Default.aspx" name=".ASPXFORMAUTH" protection="All" path="/" timeout="30" />
</authentication>
<authorization>
<deny users="?" />
<!-- Deny anonymous users -->
</authorization>
</system.web>
<location path="downloads">
<system.web>
<authorization>
<deny users="?" />
<!-- Deny anonymous users access to the Files folder -->
</authorization>
</system.web>
</location>
<!--<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Cache-Control" value="no-cache, no-store, must-revalidate" />
<add name="Pragma" value="no-cache" />
<add name="Expires" value="0" />
</customHeaders>
</httpProtocol>
</system.webServer>-->
<system.webServer>
<modules>
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>
</system.webServer>
</configuration>
Upvotes: 0
Reputation: 12864
Place the file in an authorised folder. so that if unauthorised users come to that folder. they will be redirected to login page to get authorised.
Upvotes: 0
Reputation: 7636
You can do this through configuration, see http://msdn.microsoft.com/en-us/library/8d82143t.aspx
<location path="Files">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
Upvotes: 3
Reputation: 2760
You can make function to download (on server side) where you will check current login and then send path to file for accessible people.
Here you can see another ways get-files-if-login
Upvotes: 0
Related Questions
- Prevent access to file(s) to secure path based downloads
- How to prevent anonymous users from accessing a file using forms authentication?
- How Can I make sure a file can be downloaded only if the user is logged in? ( no forms authentication )
- stop unauthorized file download in asp.net
- Asp.net - Prevent file (PDF, Word) download from a particular folder
- asp.net - prevent downloading a specific file
- Stop document downloads from unauthorised users
- how to stop user not get files if not login
- Preventing Users from Downloading file from website directly, how?
- How to prevent other users from downloading/opening others files?