I need to restrict client access to some specific files. I would like to do it in my web.config instead of relying on who manages the IIS.
I know it is possible to restrict access to file types (for example, all XML files), as seen here: How to restrict download of specified file types
However, how to specify exact file(s)? For example, I would need to block direct access to the file at ~/test/mytest.xml Keep in mind that another copy of this file, located at ~/secondtest/mytest.xml should still be available to the client.
The only option is in IIS? I can't control it in the web.config?
Thanks!
You can directly specify the file name like following in web.config.
<system.web>
<httpHandlers>
<add path="test/mytest.xml" verb="*" type="System.Web.HttpForbiddenHandler"/>
</httpHandlers>
</system.web>
For IIS7 onwards use following.
<system.webServer>
<handlers>
<add path="test/mytest.xml" verb="*" type="System.Web.HttpForbiddenHandler" name="XML"/>
</handlers>
</system.webServer>
You can restrict access from logged in, anon, specific roles, etc to paths and/or files in your web.config as such:
<location path="filename or path">
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>
You might also need to put the following in your config:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.