Click here to Skip to main content
15,351,089 members
Search within:


How to restrict static files to access from browser
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
ASP.NET4
Hi all,
I have been struggling to restrict static files to download from browsers. But not able to restrict. I know that the following code should work but not working.
This is the root web.config file code.
XML
<location path="Templates">
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

I have some documents and excel files available at Templates folder in root folder. I want to restrict the files for all users.

Could any one please help on this?

What I have tried:

I have used the following code in both root web.config file and Templates folder web.config file.

XML
<location path="Templates">
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
Posted
Updated 15-Mar-22 8:26am
v2
Add a Solution

2 solutions

The problem is that ASP.NET runtime do not involved (by default) when serving static content, like files from your folder...
If the runtime not involved, than no-one will check what written in the web.config file...
You have several options:
1. Map relevant file types to the ASP.NET engine
2. Write custom handler to server (r deny in your case) those files
3. Use the integrated pipeline in IIS 7 to make all requests invoke ASP.NET runtime...

Understanding IIS 7.0 URL Authorization : The Official Microsoft IIS Site[^]
   
Posted
Comments
Kumarbs 23-Feb-16 0:03am
   
Thank you for your solution. The following code fixed my problem.
<system.webserver>
<modules>
<remove name="UrlAuthorization">
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule">
</add></remove></modules>
</system.webserver>

I have gone through Microsoft support site "https://support.microsoft.com/en-us/kb/815152" provided the solution like below

<system.web>
<httphandlers>
<add verb="*" path="*.doc" type="System.Web.HttpForbiddenHandler">
</add></httphandlers>
</system.web>

But this doesn't solve my problem. Could you have your thoughts on this?
Kornfeld Eliyahu Peter 23-Feb-16 2:43am
   
That solution didn't solved your problem, because a direct link to the file (doc) does not use the web.config at all unless you use the URL authorization, as you did...
Kumarbs 23-Feb-16 3:56am
   
Thank you very much for your inputs.
Again, In what scenario ForbiddenHandlers will be helpful.
You can restrict the folder with hiddenSegments introduced in IIS 7.0. You need to put the <security> under <system.webserver> in web.config.
<security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="folderName" />
        </hiddenSegments>
      </requestFiltering>
</security>
   
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
File browser in MS ACCESS VBA
Cross domain access restrictions ?
Restrict url access in another browser in mvc3
Restricting downloaded file access
Restricting the access for editing the data in my project
restrict access to each file to a specific user
access static variables in different files
Restriction to a folder from being access
Restrict Direct URL Access by URL Modification.
How to send JSON file to browser using <script> tag like CSS and js files in MVC.NET?

Advertise
Privacy
Cookies
Terms of Use
Last Updated 15 Mar 2022
Layout: fixed | fluid
Copyright © CodeProject, 1999-2022
All Rights Reserved.

Web02 2.8.2022.06.24.1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900