I have a windows server 2008. i'm adding few web site using IIS7. But all web can access outside file. for example:
@{ DirectoryInfo di=new DirectoryInfo("c:\\");}
@foreach (var item in di.GetFiles())
{
<div>@item.FullName</div>
}
This code enumerate files successfully. I need to configure can't access outside web site directory. Only use inside files and folder
How to do that?
You could create a new user that has limited permissions and set to run app pool under this user.
To change Identity of an AppPool (ie Specify what credentials the App Pool is running as)
You can also set identity in the web.config file:
<system.web>
<identity impersonate="true"
userName="UserName"
password="Password"/>
</system.web>
the code you are showing does not mean that external individuals can access files on your server, all that it shows is that a program RUNNING on your server can access files on the server which make sense.
If you want to prevent a program from accessing those files then add security permissions to them for a user that is not the user that runs the program you want to prevent from accessing them.
If you are looking to secure a directory look at using .htaccess (very basic security) or take into account Alex's solution
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.