Reputation: 2095
Web.config Deny access to subfolder recursively
If I have a sub folder in my website called Admin and this folder has more sub folders. How can I configure a web.config file, that sits in Admin folder, to effect all the subfolders in it recursively?
Currently i have this, but it only caters for the admin folder, and doesn't effect the sub folders
<location path="Admin">
<system.web>
<authorization >
<deny users="?"/>
<allow roles="Admins"/>
</authorization>
</system.web>
Thanks.
Upvotes: 1
Views: 4403
Answers (2)
Reputation: 13286
You need to deny all other users. By default, all users (including guests) are permitted to access all folders. If you want to deny access to anyone except certain users or roles, you need to deny this access after all rules. This implies to guests also.
<system.web>
<authorization >
<allow roles="Admins"/>
<deny users="*"/>
</authorization>
</system.web>
The rules are being checked one by one, so an admin fits to the first rule and getting access. All other users and guests will fall to the second rule and won't get access.
Upvotes: 4
Reputation: 28970
You can define allowOverride property to true
<location path="path" allowOverride="true"/>
Link : http://msdn.microsoft.com/en-us/library/b6x6shw7(v=vs.71).aspx
Upvotes: 0
Related Questions
- how to deny user to access sub folders and file?
- Restrict access to file/folder in web.config
- Protect sub folders from direct access but allow system access
- Deny all files in a directory, via web.config setting
- How to grant access to all subfolders of a folder in asp.net
- Deny users to access a folder
- Is it possible to completely negate a "higher" web.config in a subfolder?
- Protect Sub Folder using Web.config file?
- Deny access to 'admin' folder in web.config
- Deny access to a folder in ASP.NET