Wednesday, December 8, 2010

PDFWebViewer.NET tip 1: protect your documents from direct access

Most of the PDFWebViewer.NET demos use the FileSystemStorageProvider to store PDF documents in the ~/documents folder. This means the documents are stored within the root of the website and they can be downloaded directly. If you know the file name, that is. To prevent direct access, you can either store the documents outside the web application root or setup some protective measures.