Last post Feb 07, 2008 05:12 PM by OWScott
Feb 06, 2008 10:32 AM|cptOneEye|LINK
i have a directory with many subdirectories that contains eiter JPG's or PDF's. By now it is possible to access all data directly per entering the URL into the browser.
Now I want to deny the access to the PDF's.
Is it possible to change the access rights of a special datatype (-> PDF) in a folder?
I use: W2k3 IIS 6.0 Asp.NET Framework 2.0
Feb 06, 2008 10:46 AM|Curt_C|LINK
yes, but then the user wont be able to access them at all... your <a href...> and/or <img...> tags can not reference these files.
You will need to Stream the files to the client then (I have a sample of this on
www.darkfalz.com if you need) but those are your options really.
Feb 07, 2008 07:57 AM|HostingASPNet|LINK
I fully agree, maybe it's much better to create a file handler for these files.
Feb 07, 2008 09:04 AM|OWScott|LINK
How about simply creating a subfolder and dropping your PDFs into that folder? You can protect it with forms auth, give yourself access but block everyone else. The other options all work well, and may be necessarily depending on various factors that
only you know, but the obvious easy answer is to separate them into a different folder and protect the folder instead of the file type.
Feb 07, 2008 04:22 PMemail@example.com|LINK
Forms auth would only work in IIS 7, in previous versions they would have to be ASP.NET files. The OP could place them in folders outside the web folder hierarchy and stream the files if security is an issue. Or upgrade to IIS 7/Server 2008 and make it
easy with forms authentication.
Feb 07, 2008 05:12 PM|OWScott|LINK
Good point, I forgot to mention that a script mapping for .pdf would need to be set on that folder for ASP.NET forms auth to work. Or, another solution is to remove anonymous access for the folder in IIS so that a windows username/password is required.