By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
428,759 Members | 1,778 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 428,759 IT Pros & Developers. It's quick & easy.

Prevent uploaded documents folder from search engine or unauthenticated access:

P: n/a
I have an \upload folder beneath the web root where I have MS Word and other
documents that I would prefer not be available to the public. How can I
configure web.config to prevent these files from turning up in a search
engine list and prevent an unauthenticated user from typing in the url. This
is a hosted site, and I can use forms or windows authentication.

Nov 19 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
You normally don't because those files those files are not processed by the
isapi_filter so the .NET authentication mechanism will not work.

One thing that I would suggest is to have the files exist outside of your
virtual root, that way nothing can directly access them. Instead, you
create a page like view.aspx?filename=... which can then access the file and
stream the content to the browser. You can then protect view.asp using .NET
authentication.

"bradley" <so*****@microsoft.com> wrote in message
news:un*************@TK2MSFTNGP15.phx.gbl...
I have an \upload folder beneath the web root where I have MS Word and other documents that I would prefer not be available to the public. How can I
configure web.config to prevent these files from turning up in a search
engine list and prevent an unauthenticated user from typing in the url. This is a hosted site, and I can use forms or windows authentication.

Nov 19 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.