I need to prevent someone from directly accessing a pdf, instead only allowing them to be pulled through the app itself. How can this be done?
Add this to your top-level Web.config to block a folder called Reports (your folder name goes there). This will allow your application to access Reports/file.pdf but an outside request to yoursite.com/Reports/file.pdf will be blocked.
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="Reports" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>