[英]how to stop web site directory outside file access from web in iis7
I have a windows server 2008. i'm adding few web site using IIS7.我有一个 windows 服务器 2008。我正在使用 IIS7 添加几个 web 站点。 But all web can access outside file.
但是所有 web 都可以访问外部文件。 for example:
例如:
@{ DirectoryInfo di=new DirectoryInfo("c:\\");}
@foreach (var item in di.GetFiles())
{
<div>@item.FullName</div>
}
This code enumerate files successfully.此代码成功枚举文件。 I need to configure can't access outside web site directory.
我需要配置无法访问 web 站点目录之外的内容。 Only use inside files and folder
仅使用内部文件和文件夹
How to do that?怎么做?
You could create a new user that has limited permissions and set to run app pool under this user.您可以创建一个具有有限权限的新用户,并设置为在该用户下运行应用程序池。
To change Identity of an AppPool (ie Specify what credentials the App Pool is running as)更改 AppPool 的身份(即指定 App Pool 正在运行的凭据)
You can also set identity in the web.config file:您还可以在 web.config 文件中设置身份:
<system.web>
<identity impersonate="true"
userName="UserName"
password="Password"/>
</system.web>
the code you are showing does not mean that external individuals can access files on your server, all that it shows is that a program RUNNING on your server can access files on the server which make sense.您显示的代码并不意味着外部个人可以访问您服务器上的文件,它所显示的只是您服务器上运行的程序可以访问服务器上有意义的文件。
If you want to prevent a program from accessing those files then add security permissions to them for a user that is not the user that runs the program you want to prevent from accessing them.如果您想阻止程序访问这些文件,请为那些不是运行您要阻止访问它们的程序的用户的用户添加安全权限。
If you are looking to secure a directory look at using .htaccess (very basic security) or take into account Alex's solution如果您希望保护目录,请查看使用 .htaccess(非常基本的安全性)或考虑 Alex 的解决方案
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.