Access denied file if user not login.

Question

User-2008924294 posted

Dear all!

I have a web application and have a url to file

ex: http://mydomain.com/Userfiles/Files/ReportTOC.doc

(Note: folder and file is dynamic, ex: abc.doc, xyz.pdf..)

If user not login then click link, show write "Access denied"

Form login use aspnet membership.

please help me!

Answer 1

User-183374066 posted

I am assuming that you have implemented membership that ship with default template

First you need to stop anonymous access to your files folder. You can do it quickly by adding some configurations

<location path="FolderPath">
    <system.web>
        <authorization>
            <allow users="?"/> 
        </authorization>
    </system.web>
</location>

This will meet your requirement.

if you want to apply any further logic then you can add a handler which handle file download

http://stackoverflow.com/questions/33693553/asp-net-mvc-secure-root-folder-only-for-authorized-users

Answer 2

User-1383778792 posted

@thanhnv is better use of this kind of functionality you should use Directory location into to web.config and restrict to anonymous user.

<location path="~/UserFiles/files">
    <system.web>
        <authorization>
        <allow users="thanhvn"/> // allow thanhvn to Download file.
        <deny users="*"/>  // deny others
        </authorization>
    </system.web>
</location>

And for anonymous user

<allow users="?"/>

Answer 3

User-2008924294 posted

Dear Shaair!

Thank's you for reply.

i have config in web.config

 <location path="UserFiles/file">
    <system.web>
      <authorization>
        <allow roles="Administrator, AdminCMS,Editor"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

But, anonymox still view file.

Do you have any other solution?

Thank's and waiting for reply!

Answer 4

User-1383778792 posted

Please find the difference between. 

*	All users
?	Anonymous (unauthenticated) users

Also check at your token its returning which role.