Nancy
Reputation: 147
ASP.net Disallow Direct Access to Admin Directory
We have a directory named Admin in the root folder of an ASP.net (4.0) web application.
I have created a route to the Admin/Dashboard.aspx
~/administrator/dashboard/
and it works fine.
I was curious if I could disallow to run the file through direct access, even to the administrators.
~/Admin/Dashboard.aspx
Is it doable?
Please help.
Upvotes: 0
Views: 359
Answers (2)
Wiktor Zychla
Reputation: 48279
Create a local web.config in the Admin folder and create an authorization rule inside the config file:
<configuration>
<system.web>
<allow ...
<deny ...
</system.web>
</configuration>
where allow and deny should be tuned to serve your needs. In particular, deny users="*" will forbid everyone from accessing your page.
Upvotes: 0
Arun Rana
Reputation: 8606
You can do with some web.config setting like below
<location path="~/Admin/Dashboard.aspx">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Upvotes: 1
Related Questions
- How to Deny Access to specific folder in ASP.Net MVC 5
- How to Prevent direct access to files and folders in asp.net?
- How to restrict folder access in asp.net
- How to prevent certain internal routes from being accessed by the user?
- How to lock down paths in ASP.NET MVC?
- Prevent access to aspx files and allow access only via routing?
- preventing routing to folders in asp.net routing
- Restrict access to MVC route in IIS
- How to restrict access to ASP.NET's Website Admin Tool?
- Deny access to 'admin' folder in web.config