Reputation: 758
Prevent User to see the file system asp.net
How can I prevent a User to see the file system in asp.net ? Do I need to change something in my IIS settings or on my Web.config ?
Thanks for help and fast answer
Upvotes: 0
Views: 382
Answers (1)
Reputation: 66641
Lets starts from the fact that a remote user to been able to see a file is must know the full path of it on the browser.
To prevent that you disable the directory browsing and/or you have a default.aspx page on each directory. When there is a default page, then the IIS show that page.
Now the second security measure is not let the asp.net application user that runs yous site to have accesss to any file beyond the site running files.
The site is run under two accounts. One for the IIS, and one for the Pool. both this accounts must have limited access only to your site directory and only for read, and for write only on the files/directories that needed to your application.
Additional you can use a web.config on some directories to prevent the run of any aspx page as:
<configuration>
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</configuration>
but this is not prevend to see files that are not pass from asp.net (like images) Also you can read How to find out which account my ASP.NET code is running under?
Upvotes: 1
Related Questions
- Prevent direct access to files on IIS server
- IIS Directory browsing disable file access directly
- How to Prevent direct access to files and folders in asp.net?
- How to prevent access to a folder in ASP.NET
- How to protect direct file access
- Hide images from user, restricting directory access
- hiding the path of a file on web server
- ASP.NET Protect files inside folder
- Prevent site directory from being displayed
- ASP.NET file system permissions