asp.netweb-config

how to deny user to access sub folders and file?


on local machine ,i created sample project on mvc4 (razor) and create directory named "x" and put a text file "a.txt" in it.

http://localhost:64471/x/a.txt

in my web config i deny all user to access to "x" folder by this config:

<location path="x">
<system.web>
  <authorization>
    <deny users="*"/>
  </authorization>
</system.web>

Now if user send this request :

http://localhost:64471/x/ 

it works and return user to URL that defined in forms tag in web config.

but when user send this request :

http://localhost:64471/x/a.txt

can read text file in browser(browser shows contents of text file).

i want to know how to deny user to access all files and subfolders in "x" folder?


Solution

  • I tested with path="x" in root web.config. It restrict everything under x folder; it won't even let me browse ~/x. I get redirected to login page.

    Could you try full path to a.txt like this in root web.config?

    <location path="x/a.txt">
      <system.web>
        <authorization>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>
    

    If it still doesn't work, you can try creating a web.config inside x folder with the following content.

    <?xml version="1.0"?>
    <configuration>
    
      <location path="a.txt">
        <system.web>
          <authorization>
            <deny users="*"/>
          </authorization>
        </system.web>
      </location>
    
    </configuration>