ghemorrhoiduhvj
New Member
I am looking for a way to allow access to certain Excel files to specific users only. This is the scenario:I have an ASP.Net 4 application, which Forms authentication. I would like to be able to give access to ever growing sets of Excel files to a number of users. Each user is allowed access to one of the sets.I can easily arrange a navigation page, which will only show hyper-links to the Excel files the user is allowed to see. However, by guessing URL's, files from others could be retrieved as well.I tried the following scenario:Set up a base folder for all Excel files with inside it a folder for each user. In each folder, a web.config file is placed. On the main folder, this contains the following:\[code\]<?xml version="1.0"?><configuration> <system.web> <authorization> <deny users="*" /> </authorization> </system.web></configuration>\[/code\]Each subfolder this:\[code\]<?xml version="1.0"?><configuration> <system.web> <authorization> <allow users="<username>" /> </authorization> </system.web></configuration>\[/code\]This works well for any .aspx files inside the folders, but not for other types of resources, like my Excel files. Access to those is always granted. I assume that this is caused by the fact that these files are not handled by the ASP.Net worker process.What would be a good way to arrange access only to the correct user? I am thinking about storing the Excel files outside the ASP.Net application's virtual directory and writing some ServeExcel.aspx page that will output the Excel file using the Response stream. Are there better ways to do this?