Reputation: 5635
how to deny user to access sub folders and file?
on local machine ,i created sample project on mvc4 (razor) and create directory named "x" and put a text file "a.txt" in it.
http://localhost:64471/x/a.txt
in my web config i deny all user to access to "x" folder by this config:
<location path="x">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
Now if user send this request :
http://localhost:64471/x/
it works and return user to URL that defined in forms tag in web config.
but when user send this request :
http://localhost:64471/x/a.txt
can read text file in browser(browser shows contents of text file).
i want to know how to deny user to access all files and subfolders in "x" folder?
Upvotes: 17
Views: 17456
Answers (3)
Reputation: 1
Only adding my solution, I copy the web.config of the Views folder to the folder that I want to block, I test it and all files and files of subdirectories was blocked, the web.config configuration that I used is this:
<?xml version="1.0"?>
<configuration>
<system.webServer>
<handlers>
<remove name="BlockViewHandler"/>
<add name="BlockViewHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler" />
</handlers>
</system.webServer>
</configuration>
Upvotes: 0
Reputation: 46322
I know this is an old question, but if you are having issues and dealing with text or html files, you might want to refer to this stackoverflow question.
In short, you might need to add this to your web.config:
<system.webServer>
<modules>
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
</modules>
</system.webServer>
As kirk points out, files such as .txt and .html files are handled by IIS and not ASP.NET, so the authorization rules aren't applied to them.
Upvotes: 12
Reputation: 62260
I tested with path="x" in root web.config. It restrict everything under x folder; it won't even let me browse ~/x. I get redirected to login page.
Could you try full path to a.txt like this in root web.config?
<location path="x/a.txt">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
If it still doesn't work, you can try creating a web.config inside x folder with the following content.
<?xml version="1.0"?>
<configuration>
<location path="a.txt">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Upvotes: 6
Related Questions
- Restrict access to file/folder in web.config
- block access to files for users but allow access for admins asp.net IIS C#
- How to Deny Access to specific folder in ASP.Net MVC 5
- How to restrict access to a particular folder in asp .net
- How to restrict folder access in asp.net
- Deny all files in a directory, via web.config setting
- Deny users to access a folder
- Web.config Deny access to subfolder recursively
- Protect Sub Folder using Web.config file?
- Deny access to a folder in ASP.NET