Geek asks and answers

Folder Protection in MVC

I have some files in the Content folder that I don’t want the user to be able to download files without authorization. How to prevent user access to a file by entering ... Content / {filename} in the address bar?

+5
source share
3 answers

There are several possibilities. The first is to use a tag <location>in your web.config:

<location path="Content">
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</location>

Another possibility is to put these files in a folder where no one can access (for example, the App_Data folder, for example), and then perform a controller action that will serve those files that will be decorated with the attribute [Authorize].

+3
source

this does not work for me.

<configuration>
    <appSettings>
    ...
    </appSettings>
    <system.web>
    ...
    </system.web>
    <system.webServer>
    ...
    </system.webServer>
    <location path="Content">
        <system.web>
            <authorization>
                <deny users="?" />
            </authorization>
        </system.web>
    </location>
</configuration>

MVC 4.0, , , ,

http://localhost:80966/Content/Files/home.jpg
+1

Well, one way is to have it outside of the IIS context, so instead of having them under C:\inetpub\wwwroot

change it to something like C:\temp\files.

Your database has a GUID associated with the document name, and use the GUID to display a link to the file.

in the action of your controller, you just accept the GUID, get the file name and then submit the file in your answer.

0
source

More articles:


All Articles