up vote 0 down vote favorite

I have links to static files that people can access in my application. However they can access these files without logging in. I'd like the static files to be behind login. How can I achieve this? I just access them directly by URL. I tried making a method but still the static files are accessible.

share|improve this question
  • 1
    You’ll need a controller to handle requests to files. That controller will need to check it the user is allowed to access the file and if they are, channel it back to the user. – cybermonkey 11 mins ago
  • 1
    In other words, don't directly serve the file. Instead, having something in between that can make decisions on whether or not to process the request. – mason 9 mins ago
up vote 0 down vote

You can make a Web.config file in the downloads folder with content like this:

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization>
        <allow roles ="administrator"/>
        <deny users="*" />
      </authorization>
    </system.web>
</configuration>
share
  • Thank you. This is an application with a self rolled authentication. I'd have to have something that just checks they have a session. – TheDizzle 7 mins ago
  • You can use: allow roles="?" if you allow anyone logged in. – Poul Bak 2 mins ago
  • Authorization rule names cannot contain the '?' character. – TheDizzle 30 secs ago

Your Answer

 

By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

Not the answer you're looking for? Browse other questions tagged or ask your own question.