Directory Permissions/Impersonation

Discussion in 'ASP.NET / ASP.NET Core' started by snorider, Nov 22, 2009.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. snorider

    snorider

    Hi there,

    I have a directory that I would like to prevent users from entering directly via hyperlink/typing in a url, but I still need for my application to access the files for display.

    What I've tried so far:
    Set the anonymous user to deny/deny on the desired directory

    Create a new user and grant read/write on the desired directory

    Added to the web.config <authentication mode="Windows"/> and configured the new user account in an <identity impersonate="true"> tag.

    My thinking is this should allow the web app to access the directory, and deny users coming in from a link.

    Now when I access via the link i get prompted for user credentials and it lets me in when i provide them. But the web app is not able to get in at all.

    What did I miss?

    Thanks for any insight!
     
    snorider, Nov 22, 2009
    #1
  2. Bruce

    Bruce DiscountASP.NET Staff

    You cannot deny access because your app will not be able to access the file.

    Try store your file in a special folder App_Data. This is a special folder and IIS will automatically block Browser / Read access to the content to this folder.
     
    Bruce, Nov 23, 2009
    #2
Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.

Share This Page