0

I have developed web application in mvc6. I am uploading pdf files and storing it in the UploadedFile folder. I am trying to restrict direct access through URL. for eg, i am able to open file using below url without login also. http://192.168.0.118:50814/UploadedFile/1005_Visa_fhgfg_20160731.pdf This is really dangerous. I disabled .pdf files in request filtering but i want to open those files inside the web application. I tried in many ways but could not resolved. Can anyone tell me what is the approach to fix this? If it is in controller level i would have been fixed. But here direct access is possible. Thanks in advance.

NIRANJAN G
  • 69
  • 1
  • 11
  • Explore authentication properties in IIS manager there wiill be something and also disable directory browsing. it might work – مسعود Aug 04 '16 at 12:39
  • I disabled directory browsing but no luck – NIRANJAN G Aug 04 '16 at 12:42
  • Should i use any handlers? i have no idea. Anyone can you provide me links so that i can try? thank you. – NIRANJAN G Aug 05 '16 at 04:44
  • http://stackoverflow.com/questions/13914846/restrict-direct-file-access-of-our-attachment-folder?rq=1 take a look at this question and some more at the bottom right of your question – مسعود Aug 08 '16 at 07:39
  • thank you Masood. But this is for restricting access to perticular groups like Admin,User etc. If i have uploaded file then it sits inside UploadedFile folder. then only i should be able to access this file. I am using some naming conventions while saving files. I will store like clientid_documentname_documentnumber(example:-1005_Visa_fhgfg_20160731.pdf) – NIRANJAN G Aug 08 '16 at 11:57
  • sorry but I dont have much knowledge about file access and restriction. – مسعود Aug 09 '16 at 17:12
  • http://stackoverflow.com/questions/26968328/how-to-prevent-direct-access-to-files-and-folders-in-asp-net. I think this is exactly what you are looking for. you have to try yourself. There is also a link to handlers in the question – مسعود Aug 09 '16 at 17:16

0 Answers0