Old Forums
Search:
Technical support This forum is closed.
Version 1.x > Technical support > Files in secured area View modes: 
User avatar
Member
Member
Andre van der Hoeven - 2/16/2006 4:33:28 PM
   
Files in secured area
Hi,
I've secured a part of my website with the CMSSecuredAreas key in Web.config:

<add key="CMSSecuredAreas" value="/extranet" />

which works great for CMS based pages but not for uploaded files. Uploaded files are accessible without authentication:

http://www.mydomain.com/extranet/document.pdf

My question: how can I secure both pages and files behind the same login page?
Thanks,
Andre
User avatar
Guest
admin - 2/16/2006 6:15:58 PM
   
Re: Files in secured area
Hi Andre,

the files are not processed by the ASP.NET engine which is the reason why they are not secured by this mechanism.

If you would like to secure your files as well, you need to use the following:

1) Set up the folder for the files using the following web.config parameter:
<add key="CMSAttachmentsFolder" value="c:\attachments" />
The folder you specify must be outside your web space so that the files are not directly accessible from the web.

2) Use only the GetFile.aspx script to retrieve files and images. This script checks the secured areas and permissions so it will not provide the files to public users if they are part of some secured section.

Please let me if you need any additional information.

Best Regards,

Top