Secure file access

Discussion in 'ASP .Net Security' started by Gerhard, May 19, 2009.

  1. Gerhard

    Gerhard Guest

    I have a application that needs to allow authorized users to get to
    files on a file server (.pdf, .xls, etc) while maintaining security of them
    from anonymous users. I know the web.config does not monitor this. Is there
    a recommended way to publish these to authorized users?

    Gerhard, May 19, 2009
    1. Advertisements

  2. Hi Gerhard,
    To do this we can map the file extension of these files to isapi of ASP.NET
    to let ASP.NET handle the requests to these files.

    The following article demonstrates how to do so:

    Please have a try and let me know if it works. If you have additional
    questions please feel free to ask.

    Allen Chen
    Microsoft Online Support

    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:

    Get notification to my posts through email? Please refer to

    Note: MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 2 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions. Issues of this
    nature are best handled working with a dedicated Microsoft Support Engineer
    by contacting Microsoft Customer Support Services (CSS) at
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Allen Chen [MSFT], May 19, 2009
    1. Advertisements

  3. Gerhard

    Gerhard Guest

    Thanks. This is the right idea, but I do want authenticated uses to be able
    to get to the files. This looks like if forbids any access at all.

    Is there a way through IIS and web.config to allow authenticated users
    access and deny all others?

    Thanks again.
    Gerhard, May 19, 2009
  4. Gerhard

    Gerhard Guest

    This post has basically what I need,,
    but I have been unable to make it work as advertised. Couple of questions,
    does each directory have to be set as an IIS application? Do they each need
    their own web.config file? I have the root directory set up per the article,
    but still can put in a URL and get to files I shouldn't. Is there a
    Microsoft article that covers the details of how to set this up?

    Gerhard, May 20, 2009
  5. Gerhard

    Gerhard Guest

    I figured it out.


    Gerhard, May 21, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.