Rainbow002
asked on
How to prevent direct access to the files on website?
Hi,
We have an internal website (.Net with SQL as backend) which requires users to login before they can enter and use the site. One of the features is that it allows to download files once the user is logged in. I noticed if I know the full path of the URL to a specific file such as www.testsite.com/download/abc.doc I can directly download the file without having to login...is there a way to prevent this behaviour?
Thanks
We have an internal website (.Net with SQL as backend) which requires users to login before they can enter and use the site. One of the features is that it allows to download files once the user is logged in. I noticed if I know the full path of the URL to a specific file such as www.testsite.com/download/abc.doc I can directly download the file without having to login...is there a way to prevent this behaviour?
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1. IUSR<<ComputerName>>
2. IWAM<<ComputerName>>
3. Network Service
1 and 2 are for asp code in IIS 6.0 and 3 point are for .net coded page.
Remove them you no one will be able to access these files/folder where you apply.
You can add or check FTP user must remain on that folder as you have to upload file's to folder
let me know if that resolves your issue
Thanks
2. IWAM<<ComputerName>>
3. Network Service
1 and 2 are for asp code in IIS 6.0 and 3 point are for .net coded page.
Remove them you no one will be able to access these files/folder where you apply.
You can add or check FTP user must remain on that folder as you have to upload file's to folder
let me know if that resolves your issue
Thanks
ASKER
Thanks guys! I figure I'd need developers input to go about this.
ASKER
I was wondering if there was any settings on the folder permissions or IIS that can be turned on/off to prevent direct access to the files without authentication from user?
Please advise!