Hi,
I have some pictures stored in a folder called "Pictures". I found out that also people, who are not registered users of my homepage, can see these pictures by typingwww.example.com/Pictures/Example.jpg into their browser. But the pictures are private, so only people who have an account should be able to see them on my homepage with <img src="/Pictures/Example.jpg" />.
I have tried different things with the web.config file. I have a general web.config file in the root folder. Then I created an additional web.config file in the Pictures-folder. It had the following content:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<location path="/Pictures">
<system.webServer>
<security>
<authorization>
<remove users="?" roles="" verbs="" />
<add accessType="Allow" roles="Administrators" />
</authorization>
</security>
</system.webServer>
</location>
</configuration>
Unfortunately the effect was that both registered users (<img src="/Pictures/Example.jpg" />) and not registered users (www.example.com/Pictures/Example.jpg) couldn't see the pictures any more.
I am not sure if my method of authentification is compatible to the above line "<add accessType="Allow" roles="Administrators" />". I've created my homepage with WebMatrix and used the websecurity-methods (http://msdn.microsoft.com/de-de/library/webmatrix.webdata.websecurity(v=vs.111).aspx) in combination with the default database tables like "webpages_Membership" and "webpages_Roles" for authetification issues.
Does anybody have an idea how to solve my problem?
Kind regards,
January2