I understand and use Access Control for web pages but how do I apply similar rules to a web file. If I give a contact a direct link to a web file, they can access this without any login, so I need to fix this. Please advise.
Web Files are normally used for public available/downlodable files.. for example Images used in the Portal / JS / CSS / manual guides, etc
If you need security, you should then have your own table with a lookup for the Contact record and notes/files enabled, and then restrict access to that table
Power Pages Super User | MVP
Apologies for delay. I would need therefore to assign per contact record, that would be too cumbersome. Can you not simply align with a web role. So if contacts have web role 'portaluser' then they can view these web files, otherwise no access?
I don't know if this would work or not (I haven't tried it), but a possibility may be to set the Parent Page of the Web File (it defaults to the root/home but you can specify a specific Web Page) and then restrict access to that Web Page.
Also depending on exactly what you are trying to give the user via the Web File you could have other options e.g. Notes attachment to a record or SharePoint, or Web Resource embedded on an Entity Form.