Denying direct access to a folder (only allow through app)

I need to prevent someone from directly accessing a PDF, instead only allowing it to be pulled through the app itself. How can this be done?

Answers:


Method 1

Add this to your top-level Web.config to block a folder called Reports (your folder name goes there).
This will allow your application to access Reports/file.pdf but an outside request to yoursite.com/Reports/file.pdf will be blocked.

<configuration>
    <system.webServer>
        <security>
            <requestFiltering>
                <hiddenSegments>
                    <add segment="Reports" />
                </hiddenSegments>
            </requestFiltering>
        </security>
    </system.webServer>
</configuration>

Method 2

There are two solutions for doing that:

1- You can put your “UsersUploads” folder outside the website
directory, so if your website exists at “c:\website\example.com” you
can put the “UsersUploads” folder at “c:\UsersUploads”. Like that, IIS has
no control over this folder and its files, and your website code will
still have access to this directory as a normal physical path.

2- Stop IIS from serving this folder:

IIS by default doesn’t serve some website folders and files, such as
App_Data, App_Code, bin, App_GlobalResources, App_LocalResources,
Web.config, …

Method 3

Put the files in the App_Data folder and then use an HttpHandler to serve the files. You can use URL rewriting if you want to hide it and make it look cleaner.
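
One way to write such a handler, as an added example that is not part of the original answer. The class name ReportHandler, the "file" query-string parameter, the ~/App_Data/Reports folder and the rule that any signed-in user may download are all assumptions to replace with the app's own.

```csharp
using System;
using System.IO;
using System.Web;

// Added example: streams PDFs kept under ~/App_Data/Reports (assumed folder),
// which IIS never serves directly.
public class ReportHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Assumed rule: any signed-in user may download. Swap in the app's own check.
        if (!context.Request.IsAuthenticated)
        {
            context.Response.StatusCode = 401;
            return;
        }

        // "file" is an assumed parameter name, e.g. Report.ashx?file=q3.pdf
        string name = context.Request.QueryString["file"];

        // Reject, rather than clean up, anything that is not a bare *.pdf file name.
        // The invalid-character set includes \ / : and ", so "..\web.config" fails here.
        if (string.IsNullOrEmpty(name)
            || name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0
            || !name.EndsWith(".pdf", StringComparison.OrdinalIgnoreCase))
        {
            context.Response.StatusCode = 400;
            return;
        }

        string root = Path.GetFullPath(context.Server.MapPath("~/App_Data/Reports"));
        string full = Path.GetFullPath(Path.Combine(root, name));

        // Defence in depth: the resolved path must still sit inside the reports folder.
        if (!full.StartsWith(root + Path.DirectorySeparatorChar, StringComparison.OrdinalIgnoreCase)
            || !File.Exists(full))
        {
            context.Response.StatusCode = 404;
            return;
        }

        context.Response.ContentType = "application/pdf";
        context.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + name + "\"");
        context.Response.AddHeader("X-Content-Type-Options", "nosniff");
        context.Response.TransmitFile(full);
    }
}
```

The class can back a Report.ashx file or be registered under the handlers section of Web.config; a per-user ownership check belongs next to the IsAuthenticated test if reports are not shared between users.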

Method 4

Set the permissions on the folder to deny access to whoever. Ask your sys admin guy to create an account and give read access to the folder. Then set impersonation up in the web.config file to use the new account.

Read this

http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
