Securing a folder in ASP.NET web directory

I worked long time back on a website and it has been working fine, recently a problem has been reported, which I need to go through.

In my site there is a folder named repository, which contains files like word and PDF documents and ideally only logged in users are allowed to download them but now it has been observed that anyone who is not logged into the website, can even also download them :(

Is there any wayout to handle it without moving the folder out of the web directory? Like making that folder password protected and only my pages can access the content, any code sample or link will be of high use.

My web application is in ASP.NET 2.0 with C# and server has IIS 6.0.

Thanks in Advance


My Web.Config has these tags in it:

<authentication mode="Forms">
  <forms slidingExpiration="true" loginUrl="Login.aspx" defaultUrl="HomePage.aspx" name=".ASPXMAIN" timeout="30">
  <deny users="?" />


Use the <location /> tags in the web.config,

  <location path="content">
        <allow users="*"/>

See this answer for more links to msdn documentation:

Need Your Help

sql join relationship - if an entry is found, then don't select

sql join

I have 3 tables : users, roles and roles_users (roles_users is a relational table with 2 columns, user_id and role_id)

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.