Developer forum

Forum » Integration » DW10 - SecuredFolder

DW10 - SecuredFolder

E-mail notifications
Michael Knudsen
Reply
Posted on 08/05/2025 16:10:08

In DW9 we had the option to create a SecuredFolder, but how do we do the same in DW10?  Instructions seems missing in the docs.

PS. Dunno if this question belongs to Integration forum, otherwise please move it a more relavant forum area.

Br. Michael Knudsen


Replies

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Posted on 12/05/2025 15:50:40
Reply

Hi Michael,

You're absolutely right—the "Secure Folder" functionality from DW9 has changed in DW10, and the documentation hasn't yet caught up. Here's a summary of what’s going on and how to handle it in DW10:

What changed from DW9 to DW10?

In DW9, Secure Folders relied on IIS-level restrictions to block direct access to files (e.g., https://{url}/Files/...) unless users had permission. This was a convenient and low-overhead way to protect file access, but it was tied to IIS hosting.

With DW10, we're no longer bound to IIS—Dynamicweb 10 can be hosted across different platforms (Linux, containers, cloud services, etc.). As a result, that old mechanism was removed.


How to handle secured files in DW10

The replacement solution is permissions-based file access enforced through middleware. In short:

  • DW10 already supports assigning permissions to folders and files.

  • Middleware checks can be introduced to intercept requests to protected file paths, and if the user does not have the required permissions, the file will not be served.

We're currently working on this feature (https://dev.azure.com/dynamicwebsoftware/Dynamicweb/_workitems/edit/24186) to ensure it's performant and secure. 

What to do right now?

Until the new mechanism is fully documented and available:

  • Reach out and have operations remove the read access to a folder until the above feature is in place.

BR Nicolai

 

You must be logged in to post in the forum