Reputation: 9927
How do I protect a directory in asp.net MVC?
What would be the simplest way of protecting a directory in asp.net mvc?
Currently I have a folder of misc files which belong to numerous users of the site. Ideally I do not want one user being able to type the URL to one of these documents in a browser and have access to it. These files should only be downloadable through a controller action that will authorise the download by verifying the users credentials and then returning a file.
Thanks in Advance
Upvotes: 2
Views: 940
Answers (2)
Reputation: 3234
My solution to these is usually to have that directory exist outside of the web's ability to access. For example, instead of storing them at c:\inetpub\wwwroot\docs, just store them at C:\inetpub\docs.
Just make sure your controller has read / ?write? privileges.
This posed the best solution for me when I was adding / removing folders, as my host restricted my ability to turn the file monitor off. And it turns out that deleting a sub-folder of an application causes an app pool recycle >_<
Upvotes: 2
Reputation: 532665
Store the files in app data and have your controller action read the file and render it as a FileResult. That way the files are never exposed directly.
Upvotes: 7
Related Questions
- Protect certain folders in wwwroot with authetication in asp.net core mvc
- How to Deny Access to specific folder in ASP.Net MVC 5
- asp.net MVC secure root folder only for authorized users
- Secure Folders in ASP.NET MVC4 SPA application
- Protecting folders in MVC
- IIS Password prompt for given folder ASP.NET MVC
- Securing a folder in ASP.NET web directory
- What are some ways to secure a directory in ASP.NET?
- Deny access to directory in IIS 6.0
- Simplest way to protect whole folder (with authentication) using asp.net MVC and OpenID