Prevent uploaded documents folder from search engine or unauthenticated access:

  • Thread starter Thread starter bradley
  • Start date Start date
B

bradley

I have an \upload folder beneath the web root where I have MS Word and other
documents that I would prefer not be available to the public. How can I
configure web.config to prevent these files from turning up in a search
engine list and prevent an unauthenticated user from typing in the url. This
is a hosted site, and I can use forms or windows authentication.
 
You normally don't because those files those files are not processed by the
isapi_filter so the .NET authentication mechanism will not work.

One thing that I would suggest is to have the files exist outside of your
virtual root, that way nothing can directly access them. Instead, you
create a page like view.aspx?filename=... which can then access the file and
stream the content to the browser. You can then protect view.asp using .NET
authentication.
 
Back
Top