I have links to static files that people can access in my application. However they can access these files without logging in. I'd like the static files to be behind login. How can I achieve this? I just access them directly by URL. I tried making a method but still the static files are accessible.
-
1You’ll need a controller to handle requests to files. That controller will need to check it the user is allowed to access the file and if they are, channel it back to the user. – cybermonkey 11 mins ago
-
1In other words, don't directly serve the file. Instead, having something in between that can make decisions on whether or not to process the request. – mason 9 mins ago
You can make a Web.config
file in the downloads folder with content like this:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles ="administrator"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>
-
Thank you. This is an application with a self rolled authentication. I'd have to have something that just checks they have a session. – TheDizzle 7 mins ago
-
-