JetSetWebDesign JetSetWebDesign - 2 months ago 22
ASP.NET (C#) Question

ASP.NET MVC 5 Identity & Securing Folders

Well, I'm at a loss. I've looked everywhere and I'm still getting errors. I have a folder with a couple of pdf files stored in it. The folder is called "docs" and it's in the root directory of my project. I placed a web.config file in the folder with the following code...

<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>


I also tried placing the code in my root web.config file using the following code...

<location path="/docs">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>


Both of these code blocks produce a 500 server error. Unfortunately, I don't have access to the detailed server error since I'm on shared hosting. Any ideas?

Edit: Sorry... That's what I get for posting a question a 1am. I want to secure the folder so that only those users who are logged in and authorized can access it and download files.

Answer

I had a similar problem (see here). The solution was to add the web.config to the directory but also to add a handler directive to it. This worked for me.

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  <system.webServer>
    <handlers>
      <add name="PDFHandler" verb="*"
        path="*.pdf"
        type="System.Web.StaticFileHandler"
        resourceType="Unspecified" />
    </handlers>
  </system.webServer>
</configuration>