Denying direct access to a folder (only allow through app)

Keith Myers picture Keith Myers · Jul 25, 2011 · Viewed 11.1k times · Source

I need to prevent someone from directly accessing a pdf, instead only allowing them to be pulled through the app itself. How can this be done?

Answer

user1160006 picture user1160006 · Dec 3, 2013

Add this to your top-level Web.config to block a folder called Reports (your folder name goes there). This will allow your application to access Reports/file.pdf but an outside request to yoursite.com/Reports/file.pdf will be blocked.

<configuration>
    <system.webServer>   
         <security>
          <requestFiltering>
            <hiddenSegments>
              <add segment="Reports" />
            </hiddenSegments>
          </requestFiltering>
        </security>
    </system.webServer>
</configuration>