I am using ASP.NET 4.5 OWIN Identity and attempting to block access to a directory for all but authenticated users. The directory contains raw files, so it isnt possible to wrap them in the ASP LoggedInTemplate tag.
When I try and prevent access to the directory to anonymous users, it fails.
I have tried adding the following to the main Web.config file:
<system.web><authorization><deny users="?" /></authorization></system.web><location path="/docs"> <system.web><authorization><deny users="?" /></authorization></system.web></location>Doing this gives server 500 errors and highlight the location path="/docs" line as the source of the error. This is a hosted solution, so options for changing the IIS server config to allow overrides arent available to me, though that does seem one potential solution for anyone experiencing this issue.
I have now removed the above from the main web.config and added a separate web.config file in the directory that I want to protect. The new web.config contains this:
<?xml version="1.0"?><configuration><system.web><authorization><deny users="?" /></authorization></system.web></configuration>This gives no errors, but allows unauthenticated users access to the folder, which is what I am trying to prevent.
Any ideas or pointers to any article that describes how to resolve this would be much appreciated.