asp.net-mvcasp.net-mvc-4asp.net-web-apidurandal

.NET MVC with WebApi 2 and Durandal - How to disable direct access to files?


I have finished building my first durandal application using .Net MVC and Web Api v2, every thing working fine however I noticed that I can access files directly like

http://localhost:1990/App/views/sessiondetail.html

now I don't want that cuz that is just requesting static pages with no logic or styling.


Solution

  • You will have to override the web servers' default configuration for handling html files in your application, thus tying into to whatever security mechanisms you have in place for request authorization.

    This article how explains how to add a handler for all *.html files in your application.