I need to prevent someone from directly accessing a pdf, instead only allowing them to be pulled through the app itself. How can this be done?
There are two solutions for doing that:
1- You can put your “UsersUploads” folder outside the website directory, so if your website exist on “c:\website\example.com” you can put the “UsersUploads” there “c:\UsersUploads”, Like that IIS has no control over this folder and its files, And your website code will still have access to this directory as a normal physical path.
2- Stop IIS from serving this folder:
IIS by default doesn’t server some website folders and files such App_Data, App_Code, bin, App_GlobalResourses, App_LocalResources, Web.config,….