I am looking for a way to restrict direct access to a certain folder or folders on our website which is hosted in IIS7 in our second dev environment, IIS6 in our first dev environment and IIS6 on production.
Basically we should be able to link to these files from our website i.e.: http://www.domain.com/stuff/survey.pdf
But if someone tries to link to this from a blog post, etc. it should not serve the content. Is there any way to do this in a web config or is that beyond the abilities of IIS?
What I ended up doing was writing a PHP script which served content from outside of the web root, but only if the user was logged in and had a valid site cookie.
Then I created folders to replace all the content we were currently serving (.pdf, .png, etc.) since there was not that much that we wanted secured. I name the folder the same as the original document, i.e.: /webroot/survey.pdf/ and then placed the index.php inside of the survey.pdf folder.
This worked, and now we can use the script to link to content that we want secured.