Question

How can I deny access to my virtual directory to those who haven't logged into my ASP.NET website yet?

I've hooked my website up to a virtual directory set up on my server (using IIS 7). The VD contains PDF files that I want only logged-in users to be able to access. My problem, however, is that I can't seem to "deny" anonymous users from accessing the files either. Currently, if I type the direct path to a PDF file within my virtual directory, I can access it, even if I'm not logged into my site.

I have a web.config file set up in the root of my virtual directory, which looks like this:

 <?xml version="1.0"?>
 <configuration>
   <system.web>
     <authentication mode="Forms">
        <forms loginUrl="Login.aspx" />
     </authentication>
     <authorization>
        <deny users="?" />
     </authorization>
   </system.web>
 </configuration>

Any idea how to fix this?

Thanks

Solution

Here:

 <?xml version="1.0"?>
 <configuration>
   <system.web>
     <authentication mode="Forms">
        <forms loginUrl="Login.aspx" />
     </authentication>
     <authorization>
        <deny users="?" />
        <allow users="*"/>
     </authorization>
   </system.web>
 </configuration>

The <deny users="?"/> will deny anonymous users, while <allow users="*"/> will allow all authenticated users.

Reference: Setting authorization rules for a particular page or folder in web.config
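
An added example (not part of the original answer): a small Python model of how ASP.NET evaluates the <authorization> rules shown above, top to bottom with the first matching rule deciding. The function names are hypothetical, the sample configs are constructed, and the roles and verbs attributes are ignored for brevity.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs: the rule order from the answer, and the reverse.
TEMPLATE = """<configuration><system.web><authorization>
{rules}
</authorization></system.web></configuration>"""
ANSWER_CONFIG = TEMPLATE.format(rules='<deny users="?" />\n<allow users="*" />')
REVERSED_CONFIG = TEMPLATE.format(rules='<allow users="*" />\n<deny users="?" />')


def user_matches(pattern, user):
    """Match one entry of a users="..." list; user is None when anonymous."""
    if pattern == "*":
        return True           # every user, anonymous included
    if pattern == "?":
        return user is None   # anonymous (unauthenticated) requests only
    # Named users are compared literally here (a simplification).
    return user is not None and pattern == user


def is_allowed(config_xml, user):
    """Return True if `user` passes the <authorization> rules (first match wins)."""
    root = ET.fromstring(config_xml)
    section = root.find("system.web/authorization")
    rules = list(section) if section is not None else []
    for rule in rules:
        patterns = [p.strip() for p in rule.get("users", "").split(",") if p.strip()]
        if any(user_matches(p, user) for p in patterns):
            return rule.tag == "allow"
    # No rule matched: the inherited machine-wide default is <allow users="*"/>.
    return True


if __name__ == "__main__":
    for name, cfg in (("answer", ANSWER_CONFIG), ("reversed", REVERSED_CONFIG)):
        for user in (None, "alice"):
            label = user or "anonymous"
            verdict = "allowed" if is_allowed(cfg, user) else "denied"
            print(f"{name:8} {label:9} -> {verdict}")
```

With the order reversed, <allow users="*"/> matches first and anonymous requests are let through, so the deny rule must come first. The rules only apply to requests that ASP.NET's URL authorization module actually processes.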

Other suggestions

Click on your virtual directory in IIS. You will see Authentication; click on it, and there you will be able to see Anonymous Authentication. Disable it.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow