Block access to files in certain directories if they are not authenticated

1

How do I block certain directory access if it is not authenticated?

For example

I have my url

www.mysite.com/login

The user is not yet authenticated

So I do not want it to be able to access any .js file, image, .css directory

www.meusite.com/principal/js/arquivo.js

Would you like it?

    
asked by anonymous 12.07.2014 / 03:39

1 answer

3

Add the following directive in your web.config file:

<location path="Caminho/Para/Pasta/Publica">
  <system.web>
     <authorization>
        <deny users="?"/>
     </authorization>
  </system.web>
</location>

Explanation

  • location.path is the location / folder you want to block;
  • deny.users="?" blocks access for anonymous users.

Example

For your case, you could deny everything and then release only what the users can access. Here's an example:

<location path="Content">
  <system.web>
     <authorization>
        <deny users="?"/>
     </authorization>
  </system.web>
</location>

<location path="Content/Arquivo.js">
  <system.web>
     <authorization>
        <allow users="*"/>
     </authorization>
  </system.web>
</location>

In this case, the first policy blocks all users from accessing the Content folder. The second one only allows the file Arquivo.js .

    
12.07.2014 / 04:06