Prevent uploaded documents folder from search engine or unauthenticated access:

B

bradley

I have an \upload folder beneath the web root where I have MS Word and other
documents that I would prefer not be available to the public. How can I
configure web.config to prevent these files from turning up in a search
engine list and prevent an unauthenticated user from typing in the url. This
is a hosted site, and I can use forms or windows authentication.
 
P

Peter Rilling

You normally don't because those files those files are not processed by the
isapi_filter so the .NET authentication mechanism will not work.

One thing that I would suggest is to have the files exist outside of your
virtual root, that way nothing can directly access them. Instead, you
create a page like view.aspx?filename=... which can then access the file and
stream the content to the browser. You can then protect view.asp using .NET
authentication.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

zip / unzip uploaded files seamlessly 2
Securing a folder from public access 2
Q: Hi-HO! How to implement this search engine... ? 1
Prevent VS 2005 from trying to parse media files 6
Vector Space Search Engine 4
Securing XML documents on a ASP.net site.... 9
File Access 2
download - edit - upload documents in a user friendly way 2

Members online

Total: 29 (members: 1, guests: 28)
Robots: 105

Forum statistics

Threads
473,754
Messages
2,569,527
Members
44,999
Latest member
MakersCBDGummiesReview

Latest Threads

Top