Setting Autorization rules for ashx handler in ASP.NET MVC 3 application

Question

I am implementing a javascript file upload functionality in my MVC 3 application and therefore I need to use Http Handler (.ashx) to allow large file upload. Now I need to someh

Answer 1

You could use the <location> section in your web.config to deny access to ~/upload.ashx to anonymous users:

<location path="upload.ashx">
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</location>

Remark: never use the <location> tag to control authorization with ASP.NET MVC controller actions and routes. Use the built-in [Authorize] attribute to decorate the corresponding controller/action.