C
Craig
Hi
I'm using forms authenication to security my site. I have a sub-directory
which contains some .pdf, .xsl, .html and .doc files. If a user is
authenicated, then they are allowed access to the files in the sub-directory.
Here's what I placed in web.config:
<location path="Documents">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
If the user types in the url http://host/website/documents, they receive a
403 - Forbidden error which is fine. However if they type in the url
http://host/website/documents/excel.xls they are prompted to save or open the
file.
In IIS the virtual directory has read permissions checked, for directory
security only Anonymous access is allowed.
How can I prevent files from being accessed from the web without the user
being authenicated?
Many thanks
Craig
I'm using forms authenication to security my site. I have a sub-directory
which contains some .pdf, .xsl, .html and .doc files. If a user is
authenicated, then they are allowed access to the files in the sub-directory.
Here's what I placed in web.config:
<location path="Documents">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
If the user types in the url http://host/website/documents, they receive a
403 - Forbidden error which is fine. However if they type in the url
http://host/website/documents/excel.xls they are prompted to save or open the
file.
In IIS the virtual directory has read permissions checked, for directory
security only Anonymous access is allowed.
How can I prevent files from being accessed from the web without the user
being authenicated?
Many thanks
Craig