How can I deny access to my virtual directory to those who haven't logged into my ASP.NET website yet?
I've hooked my website up to a virtual directory set up on my server (using IIS 7). The VD contains PDF files that I want only logged-in users to be able to access. My problem, however, is that I can't seem to "deny" anonymous users from accessing the files either. Currently, if I type the direct path to a PDF file within my virtual directory, I can access it, even if I'm not logged into my site.
I have a web.config file set up in the root of my virtual directory, which looks like this:
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
Any idea how to fix this?
Thanks
Here:
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" />
    </authentication>
    <authorization>
      <deny users="?" />
      <allow users="*"/>
    </authorization>
  </system.web>
</configuration>
The <deny users="?"/> will deny anonymous users, while <allow users="*"/> will allow all authenticated users.
Reference: Setting authorization rules for a particular page or folder in web.config
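As an added illustration (not part of the original question or answer), this Python sketch models how ASP.NET URL authorization walks the <allow>/<deny> rules in document order and stops at the first match, which is why <deny users="?"/> has to come before <allow users="*"/>. It handles only the users attribute; the helper names, the sample user "alice" and the constant for the inherited <allow users="*"/> are assumptions of the sketch.

```python
import xml.etree.ElementTree as ET

# ASP.NET's root configuration ends with <allow users="*"/>, so it is
# appended here as the last rule (modelled as a constant in this sketch).
INHERITED_DEFAULT = [("allow", "*")]

def load_rules(web_config_xml):
    """Return (action, user_pattern) pairs in document order."""
    root = ET.fromstring(web_config_xml)
    auth = root.find("system.web/authorization")
    rules = []
    for el in (auth if auth is not None else []):
        # Sketch only: roles= and verbs= attributes are not modelled.
        if el.tag in ("allow", "deny") and el.get("users"):
            rules += [(el.tag, u.strip()) for u in el.get("users").split(",")]
    return rules + INHERITED_DEFAULT

def is_allowed(rules, user):
    """user is None for an anonymous request, else the login name."""
    for action, pattern in rules:
        # Name matching is case-insensitive here (an assumption of the sketch).
        if (pattern == "*"
                or (pattern == "?" and user is None)
                or (user is not None and pattern.lower() == user.lower())):
            return action == "allow"   # first matching rule decides
    return False

def wrap(*rules):
    """Build a minimal web.config around rule elements (constructed input)."""
    return ("<configuration><system.web><authorization>" + "".join(rules)
            + "</authorization></system.web></configuration>")

ANSWER = wrap('<deny users="?"/>', '<allow users="*"/>')    # order from the answer
REVERSED = wrap('<allow users="*"/>', '<deny users="?"/>')  # same rules, swapped

if __name__ == "__main__":
    # "alice" is a constructed login name used only for this demonstration.
    for name, cfg in (("answer", ANSWER), ("reversed", REVERSED)):
        rules = load_rules(cfg)
        print(name, "anonymous:", is_allowed(rules, None),
              "alice:", is_allowed(rules, "alice"))
```

These rules are only evaluated for requests that actually pass through ASP.NET's authorization module.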