I am implementing a javascript file upload functionality in my MVC 3 application and

Question

0

Asked: June 5, 20262026-06-05T10:16:49+00:00 2026-06-05T10:16:49+00:00

I am implementing a javascript file upload functionality in my MVC 3 application and

0

I am implementing a javascript file upload functionality in my MVC 3 application and therefore I need to use Http Handler (.ashx) to allow large file upload. Now I need to somehow forbid unauthenticated users to call handler’s methods. If I had a controller, I would simply apply [Authorize] attibute to it. But does the attribute work when applied to an Http Handler’s method? IF not, how can I allow only people that have a current session cookie to make calls to Http Handler?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-05T10:16:52+00:00

You could use the <location> section in your web.config to deny access to ~/upload.ashx to anonymous users:

<location path="upload.ashx">
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</location>

Remark: never use the <location> tag to control authorization with ASP.NET MVC controller actions and routes. Use the built-in [Authorize] attribute to decorate the corresponding controller/action.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am implementing a javascript file upload functionality in my MVC 3 application and

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply