IIS7 stop serving file on request but allows ajax callback
Question
Basically I'm a bit lost I need to allow a jQuery callback the ability to access a web function via an ajax post.
$.ajax({
type: "POST",
url: "/Methods/Credit.asmx/PaymentHoldingDocument1",
data: "{iCredits: " + $('#creditAmount').val() + ", iClientId: " + window.iUserId + "}",
contentType: "application/json; charset=utf-8",
dataType: "json"
});
This then updates a document in a directory \\Payment\\Holding\\1.txt but I don't want people the ability to view the document once it's been created so I want to hide that once it's been created. Using the following in the web.config I've been able to stop people viewing the file but it also stops the web method from writing to it as well.
<security>
<requestFiltering>
<hiddenSegments>
<add segment="\Payment\" />
</hiddenSegments>
</requestFiltering>
</security>
Is there something I'm missing? or is it something I can not do?.
Also removing IUSR or IIS_USR isn't an option as this stops me writing to the file as well.
Thanks in advance.
1 answers
solution1
0 2012-05-30 15:21:25
Have you tried putting a denial on *.txt files by creating a request filter in IIS? That prevents things like the web.config files from being downloaded.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.