Hi There,
What would be the simplest way of protecting a directory in asp.net mvc?
Currently I have a folder of misc files which belong to numerous users of the site. Ideally I do not want one user being able to type the URL to one of these documents in a browser and have access to it. These files should only be downloadable through a controller action that will authorise the download by verifying the users credentials and then returning a file.
Thanks in Advance
Store the files in app data and have your controller action read the file and render it as a FileResult. That way the files are never exposed directly.
My solution to these is usually to have that directory exist outside of the web's ability to access. For example, instead of storing them at c:\inetpub\wwwroot\docs, just store them at C:\inetpub\docs.
Just make sure your controller has read / ?write? privileges.
This posed the best solution for me when I was adding / removing folders, as my host restricted my ability to turn the file monitor off. And it turns out that deleting a sub-folder of an application causes an app pool recycle >_<