Reputation: 123
web store security
Imagine I have a web store, www.xpto.com, and the users must login to buy my products. The products are in a folder www.xpto.com/apps. How can I prevent thwe user with or without login to directly access content in this folder? This site use c# and asp.net.
Upvotes: 1
Views: 53
Answers (1)
Reputation: 12427
It depends on the contents of the folder. If it's other .aspx files, it's pretty easy to set up the ASP.NET Membership provider for basic authentication and authorization. It's not as complicated as it may seem. :)
For different file types (.pdf, .xml, .jpg, etc.), you can move the files to App_Data (or something similar, outside the scope of the website) and implement a download handler, which checks for permissions before transferring the file.
Upvotes: 2