Secure everything in directory

I have a web.cofig file inside a directory (see below). If you click on the link to the site, you go to a login page and with the correct credentials, you go to the page you tried to access (standard stuff). If you have a file in there for example, "test.txt", I am current able to type in the direct link and pull that file up. I want to be able to secure the data as well and it is an upload directory so it will always be different names, but they will always be PDF files.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="~/Directory/Folder/">
    <system.web>
      <authorization>
        <allow roles="Role" />
        <allow users="user" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>

Read More

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s