Protect non-Kentico folder

Celero Solutions asked on September 4, 2014 17:24

Hi, we need to place a folder within a Kentico site folder that contains HTML files. A link to the files will be placed on a secure page within Kentico. Is there any way to protect those pages if a user attempts to access the files directly should they know the URL? i.e. www.sitename.com/securefolder/newfolder/index.html.

Recent Answers


Charles Matvchuk answered on September 4, 2014 17:37

Yes, put a web.config file in that directory and set your authorizations accordingly.

You could just also import the files into Kentico and that way you control all the security from within Kentico.


Brenden Kehren answered on September 4, 2014 20:49

I'd agree with Charles, although I'd steer away from the standard web.config simply because it involves a bit of extra work if something changes. With the media library you can control security from the UI using the roles and such without having to gain access to the file system.


Celero Solutions answered on September 10, 2014 23:37

Hi, I created a media library called Manuals and added the folder and all the folders, HTML files and image files to the media library. Then on the security tab I selected "Nobody" for all the options. I created a link to one of the HTML files from the media library on a content page called "Details". I then started a browser session by logging in as a different user. I logged in as a person who was not a member of the role that was applied to the "Details" page (the site uses Windows auth). I then entered the URL that was used in that link directly in the address bar of the browser and was able to get to the HTML page, i.e. http://sitename.dev/sitename/media/Manuals/folder/folder/welcome_1.htm. I expected that, since "Nobody" was set in the security, I wouldn't be able to get to it if this in fact protects the files. Or am I doing something wrong?


Martin Danko answered on October 17, 2014 15:44

Hello,

This isn't correct. You are setting the permissions for the users that are accessing the file via the Administration interface of the application. As the files are stored physically on the file system of your server, it's also possible to access them directly via URL; that's the reason why the Media library by default accesses the files via GUID and not using a permanent path. Access to the physical files could be restricted on the IIS side via a web.config file, e.g.:

How to block access with a web.config file?

Best regards, Martin

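A sketch of the web.config approach suggested in the answers above, added here as an example and not posted by any participant in this thread. It assumes IIS 7 or later with the URL Authorization feature installed and Windows authentication enabled for the site; the group name `DOMAIN\ManualReaders` is a placeholder. The `system.web` rules alone may not cover plain `.htm` files, because ASP.NET authorization is evaluated only for requests that run through the managed pipeline, so the `system.webServer` rules are what protect static content.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Place this file in the folder that holds the static HTML files,
     for example the "newfolder" directory from the question. -->
<configuration>

  <!-- ASP.NET URL authorization. Rules are read top to bottom and the
       first match wins. Only evaluated for requests handled by ASP.NET,
       so static files can bypass it depending on pipeline settings. -->
  <system.web>
    <authorization>
      <!-- Placeholder group: replace with the Windows group that may read the files. -->
      <allow roles="DOMAIN\ManualReaders" />
      <deny users="*" />
    </authorization>
  </system.web>

  <!-- IIS URL Authorization. Evaluated by IIS itself for every request
       to this folder, including .htm, image and other static files. -->
  <system.webServer>
    <security>
      <authorization>
        <!-- Drop the inherited "allow everyone" rule first. -->
        <remove users="*" roles="" verbs="" />
        <!-- With no other rule matching, everyone outside this group is refused. -->
        <add accessType="Allow" roles="DOMAIN\ManualReaders" />
      </authorization>
    </security>
  </system.webServer>

</configuration>
```

To check the result, repeat the test described in the question: sign in as a user outside the allowed group, paste the file's direct URL into the browser, and confirm the request is refused instead of served.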
