Let’s say I have a really simple site where I allow registered users to

Question

0

Asked: May 28, 20262026-05-28T07:01:04+00:00 2026-05-28T07:01:04+00:00

Let’s say I have a really simple site where I allow registered users to

0

Let’s say I have a really simple site where I allow registered users to upload files. I have user “andrew” with an ID of 1 and user “matt” with and ID of 2.

Let’s say I want to use the following folder structure to organize the uploaded files.

/Content/DocRepo/[[ID]]/files_live_here

I am using forms authentication so I could use the web config location element to prevent any unauthorized users from access the DocRepo, however once “andrew” is logged in, what is the cleanest/simplest way to prevent him from accessing “matt’s” files?

Couldn’t he just change the URL to /Content/DocRepo/2/

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-28T07:01:05+00:00

Editorial Team

2026-05-28T07:01:05+00:00Added an answer on May 28, 2026 at 7:01 am

The easiest way to do that is not to allow direct requests to the files at all. Prevent requests to the files directory, and instead create a files controller which requires Auth, and assures a user has access to the file they are requesting.

You can use a subdirectory of App_Data to store the files, since by default, no direct requests can be made for any files contained therein.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Let’s say I have a really simple site where I allow registered users to

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply