Block access to files from certain directories if not authenticated

Question

Block access to files from certain directories if not authenticated

Asked 10 years, 4 months ago

Viewed 1,469 times

1

How to block the access of certain directories if it is not authenticated?

For example

I have my url

www.meusite.com/login

User is not yet authenticated

So I don’t want it to be able to access any . js, image, . css file from the directory

www.meusite.com/main/js/file.js

Would have as?

I believe that in an easy way would not have, can do this easily by htaccess, by . net might be able to make a page it manages as if it were a tree (mapping) of folders and files and lock files by htaccess,

– Kallef

2014/07/12 at 02:07

1 answer

Browser other questions tagged asp.net asp.net-mvc-5

You are not signed in. Login or sign up in order to post.

by anmaia • **2,420** points · Answer 1 · 2014-07-12T02:06:41+00:00

Add in your web.config file the following directive:

<location path="Caminho/Para/Pasta/Publica">
  <system.web>
     <authorization>
        <deny users="?"/>
     </authorization>
  </system.web>
</location>

Explanation

location.path is the location/folder you want to lock;
deny.users="?" blocks the access of anonymous users.

Example

For your case, you could deny everything and then release only what users can access. See an example:

<location path="Content">
  <system.web>
     <authorization>
        <deny users="?"/>
     </authorization>
  </system.web>
</location>

<location path="Content/Arquivo.js">
  <system.web>
     <authorization>
        <allow users="*"/>
     </authorization>
  </system.web>
</location>

In this case the first directive blocks all users to access the folder Content. The second allows only the file Arquivo.js.