Prevent a file (pdf) from being served in asp.net

Question

I've got a legacy flash app (no access to the source) that when it completes it opens a pdf in a new window automatically.

Is there some way to prevent this one file at this one specific location from opening (again, keeping in mind I cant edit the flash)

So it opens to http://site.com/Files/Video/Completion.pdf directly in the browser, no handler or anything to change.

Answer 1

You can drop a web.config in that folder which will prevent the files from being accessed unless they are in a specific role:

<configuration>
    <system.web>
        <authorization>
           <allow roles="WHATEVER-ALLOWED-ROLES"/>
           <deny users="*"/>
        </authorization>
    </system.web>
</configuration>

If you only want to lock down that specific file you can wrap that <system.web> with <location path="filepath-and-name">

This will likely require you to add the following handler to your root web.config in the "handlers" section, as usually IIS will serve up the file before ASP.NET touches it. This will make PDFs go through ASP.NET which can then handle the Role restrictions from above:

<add name="PDFHandler-Integrated" path="*.pdf" verb="GET" type="System.Web.StaticFileHandler" modules="ManagedPipelineHandler" requireAccess="Script" preCondition="integratedMode" />

Answer 2

You could lock the file down on the web server or delete it? If you can't alter the source you can't prevent the window.open from happening, but you can prevent the delivery.