How to deny folder and images access using ASP .NET web.config

Question

0.00/5 (No votes)

See more:

Hi,

In Asp .net application i need to write a code for denying folder and images access when directly users trying to access, but same images need to display in webpage.

I used Below code in web.config, its blocking access to images , but not able to display in web page also.

XML

<system.webServer>

    <modules>
      <remove name="FormsAuthenticationModule" />
      <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />

      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
    </modules>

XML

</system.webServer>

XML

<location path="Photos/photos2016">
    <system.web>
      <authorization>               
        <deny users="*"/> 
      </authorization>

    </system.web>
  </location>

What I have tried:

XML

<system.webServer>

    <modules>
      <remove name="FormsAuthenticationModule" />
      <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />

      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
    </modules>   </system.webServer>

XML

<location path="awards/awards2015">
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>

  </system.web>
</location>

Posted 19-Dec-16 19:01pm

itsureshuk

Updated 19-Dec-16 21:58pm

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Thomas Nielsen - getCore · Answer 1 · 2016-12-19T21:58:00

Make a page which will get the ressource, like if using Webforms could be GetGraphics.aspx?ressourceid=mypicture.png which then requires an active session or a cookie.

If you use mvc you can do the same thing with routing ... which ultimately can also be set in place in web.forms like for instance

C#

public class UriActionFilter : System.Web.Mvc.ActionFilterAttribute
{
    public override void OnActionExecuting(System.Web.Mvc.ActionExecutingContext filterContext)
    {
        if (System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated)
        {
            // Sample: somehow identify the user, in case of a custom identity, replace the below line to get the user identifier
            var user = System.Threading.Thread.CurrentPrincipal.Identity.Name;

            // get the parameter that will let you know what is the image or path that is being requested now
            var ctxParams = filterContext.ActionParameters;

            // if the user does not have the permission to view, return 403
            filterContext.RequestContext.HttpContext.Response.StatusCode = 403;
            return;
        }
        base.OnActionExecuting(filterContext);
    }
}

Which i picked up as a reply here: c# - ASP .NET MVC - files access - Stack Overflow[^]