Best practice to allow roles and deny users to folder

Topics: General
Mar 31, 2013 at 1:47 PM
Hi,
Which is the correct way to restrict users to be able to access files in subfolders in the media folder.
Example. I would like the role DemoAdmin to have access to the folder /media/Default/myFolder and every other user not having access. So I put this web.config file in myFolder.
<configuration>
<system.web>
<authorization>
  <allow roles="DemoAdmin"/> 
  <deny users="*"/> 
</authorization>
</system.web>
</configuration>

And then I try it out by logging in and out, using different users, different browsers, tampering the file, removing it, putting it back and so on. But I think it is behaving strange. Sometimes the user with role DemoAdmin can access files in the folder and sometimes not. It even seems as if browser caching is playing a part and confusing things.

Can't find any straight forward answer in this forum, regarding folder access/permission.

Is this the way to do it in Orchard?
How do you solve it?
Coordinator
Mar 31, 2013 at 9:28 PM
You're probably seeing cached files.
Mar 31, 2013 at 10:07 PM
OK Thanks!
I'll go with that. Give it some time :-)