I'm attempting to make a folder that can be FTP'ed in to to deposit PDFs, but they cannot be accessed via a web browser. I have an ASP.NET application that will read the file and send the pdf back as the response to a query. I tried to follow the instructions in: http://kb.discountasp.net/article.aspx?id=10572 using the settings Deny "All anonymous users" and "All users" and neither seemed to work. Anything I put into the folder was still pubicly accessible. Is there (a) some trick to getting this to work or (b) a better way to approach this problem? Keeping the pdf files from being accessed directly is the main objective here and I'm open to other methods. Thanks!
This setting should work. Do you have a URL that we can test? Or can you post your web.config? Aristotle DiscountASP.NET www.DiscountASP.NET
I set up a folder called pdfstore and put a word document in there (I don't have a pdf handy) at: *Removed broken URL, thanks again! However, after looking at the web.config file the tool generated:
Ok I see what's happened. You've added a .NET authorization rule. This only applies to ASP.NET files. You should add an IIS authorization rule instead. Use the IIS 7 Manager or add the following to the web.config. <system.webServer> <security> <authorization> <add accessType="Deny" users="?" /> </authorization> </security> </system.webServer> Aristotle DiscountASP.NET www.DiscountASP.NET
