I am having this small extranet service where users can log in, get all sorts of info and download few files.
Is it possible to secure root folder in MVC asp.net project? I am having a project where users have to log in before using any material. How ever if I use for example "/material" folder for every pdf, jpg, etc. files, other unauthorized users can see those files also.
For example everybody can see this file if they type www.example.com/material/pdf-file.pdf So I want only authorized / logged users to see this file. Is this possible?
It's possible to do that, but there are a lot ways to accomplish that.
A simplified scenario could be:
HtmlHelperwhich would redirect the client to the "wrapper" controllers action. You can pass the filename in a parameter.
[Authorize]attribute or better yet, without using such attributes everywhere you could use FluentSecurity for handling the authorization.
After you create the "wrapper" controller your
URL for getting a file could look like:
URL assumes controller name is 'download' and action name is 'file'.