stackoom
  简体   繁体   中英

web.config in directory with no aspx pages

 原文  2009-11-19 14:23:19       asp.net/ asp.net-membership

Question

I have a directory where I am placing PDF files that are generated by my application. The issue is that since there are no aspx pages, the security in the web.config is not preventing direct navigation to those pdf's. Granted, the information is public, I just dont want someone to be able to go straight to them for a variety of reasons.

So the question is, how do I prevent access to that directory in a web.config file? here is what I have: 

<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
    <authorization>
        <allow roles="role1" />
        <allow roles="role2" />
        <allow roles="role3" />
        <allow roles="role4" />
        <deny users="*" />
    </authorization>
</system.web>

1 answers

solution1
 1  2009-11-19 14:27:10

You should be using an HttpHandler to accomplish file security you can map extensions through IIS and use these to handle mappings of each particular file type (ie: pdf, doc, exe, etc...)

Here is a link describing it...

http://www.15seconds.com/Issue/020417.htm

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question web.config not forwarding to 404 error page on non .aspx pages Coldfusion to .NET pages .cfm to .aspx in Web.Config Aspx authorization in Web.Config ASPX Mapping in web.config Registering javascript in aspx calling web.config Web.config - Custom error pages not working specify masterpage of subdirectory pages in web.config Only ASPX (HTML) file run through virtual directory but when connect to database it doesn't find web.config connection How to remove directory in web.config? Finding root directory in web.config file
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM