Try our conversational search powered by Generative AI!

Restricting Access at folder level using VirtualPath Providers



How to restrict Access at folder level using VirtualPath Providers?

In EPiServer CMS 5.0 to add a folder under the ‘File Management', we added an entry in the webconfig file under the virtualPathProviders and mapped to a virtual folder C:/ExternalDocuments and the entry is as follows:

<virtualPath customFileSummary="~/FileSummary.config">


<add showInFileManager="true" virtualName="External Docs" virtualPath="~/ExternalDocuments/"

          bypassAccessCheck="false" physicalPath="C:\ExternalDocuments"

          name="ExternalDocs" type="EPiServer.Web.Hosting.VirtualPathNativeProvider,EPiServer" />



On performing this we have the folder appearing under the ‘File Management' as ‘External Docs' and the contents of the virtual folder are mapped correctly.

We are able to upload a file both from EpiServer's Upload option as well as copy the files to the folder (C:/ExternalDocuments/) directly.

To retrieve and display the contents of the file in EpiServer, a PageType with property name ExternalLinkProp and type URL to document is created.

The file must have restricted access, and so we control it by giving them folder level access as we do not have file level security in EpiServer CMS 5.0.  Now the problem is in security, i.e., though we are giving rights to the particular user alone, by default all users are able to view the contents having ‘Read' access.

We are reading the file and rendering the contents to the aspx page.

Below is the code written for rendering the files content.



public partial class ShowHtmlContent : TemplatePage


        protected void Page_Load(object sender, EventArgs e)


            String strExternalHtmlURL = CurrentPage["ExternalLinkProp"].ToString();

            String strCurrentUser = PrincipalInfo.Current.Name;

            VirtualPathNativeProvider vpnp = (VirtualPathNativeProvider)VirtualPathHandler.GetProvider("ExternalDocs");


            AccessLevel currentAccessLevel = vpnp.QueryAccess(strExternalHtmlURL,PrincipalInfo.CurrentPrincipal);

//This is always giving ‘read' as o/p

                String strHtmlContent = ParseHTML(strExternalHtmlURL);

                if (strHtmlContent != null)


                    divRenderHTML.InnerHtml = strHtmlContent;

                    //rendering the contents



//Method to read the file

public static string ParseHTML(string filePath)


            StreamReader srHTMLContents = new StreamReader(filePath, Encoding.Default);

            string strContents = string.Empty;



                strContents = srHTMLContents.ReadToEnd();

                return strContents;


            catch (Exception oEx)


                return string.Empty;





                srHTMLContents = null;



We are able to restrict access only by giving page level security to users. But this is not what we wanted.

How to control this and restrict access at folder level rather than page level?

Thanks in Advance...

Apr 14, 2008 7:26
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.