How to prevent sites to access to other site folder?

Question

please help me I'm working on an asp.net application have a main site and sub sites like this :

site.com/parent

site.com/parent/child1

site.com/parent/child2

Any page on parent site can access to child1 and child2 files and copy, delete them

but the problem is : child1 also can access to child2 files and copy, delete them !

I want to prevent child1 site to access to child2 files

I am using asp.net and IIS 7.5

please help !

Answer 1

Setup the sites with different security then block access to the folders. This will depend on what type of authentication you are currently using but let us assume it is anonymous access.

Assuming child1 and child2 are virtual directories:

Create a user that you will assign to child1 and a different user you will assign to child2.

In IIS, go to child1 >> Authentication. Edit Anonymous >> change to the user for child1.

Go to child2 >> Authentication. Edit Anonymous >> change to the user for child2.

If you are not using anonymous access you could do something similar as above for the authentication type you are using. (and don't forget about your database if you are using SSPI)

Go to the files and/or folders for child1 and change the ACL to block child2 user. Go to the files and/or folders for child2 and change the ACL to block child1 user.

Edit:

Also remember to change the ACLs to allow the appropriate user on the files/folder. So for the file/folders for child1 add allow read, write to child1 user, and so on.

If you are on shared hosting I hope they will allow you to change files security.

You can also configure the authentication properties in the web.config. For example, for anonymous authentication:

http://msdn.microsoft.com/en-us/library/ms689465%28v=vs.90%29.aspx