I have a website which includes some data that must not be directly accessible by the client. I have that inside the folder as
root
|-Confidential
|-Test.txt
|- web.confid
|- _PageStart.cshtml
web.config
..what I want to do is, to deny the access to the folder Confidential as a whole by the user, so that all of the content, is accessed directly would be redirected somewhere to shown a simple 404.
I have even tried using the web.config file as there was a solution in Stack Overflow, to create a new web.config file and then write this to it.
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow users="admin" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
But it doesn't work for me. Then I tried using another method by replacing the name of the file, and writing it as _Test.txt . But I guess, ASP.NET only controls the .cshtml files and other ASP.NET files to be hidden this way.
Another method applied was, setting the error code to 404 by creating a new page called _PageStart.cshtml and then writing this code
@{
Response.StatusCode = 404;
}
..but again! The page was directly accessible. After all these methods, I came here, to find a solution to this problem. How can I deny the access to all of the file or the folder as a whole in ASP.NET.
add this to your <sysyem.webserver>
section
<security>
<requestFiltering>
<hiddenSegments>
<add segment="folderName"/>
</hiddenSegments>
</requestFiltering>
</security>
I have a website which includes some data that must not be directly accessible by the client.
The simplest way to achieve this is to put the data in the App_Data folder. That's what it's for.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.