Re: Deny access to a directory with web.config

From: Juan T. Llibre (nomailreplies_at_nowhere.com)
Date: 04/27/05 

Date: Wed, 27 Apr 2005 06:15:05 -0400

web.config :

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

 <system.web>
<authorization>
                <allow users="ASPNET's account name"/>
                <deny users="*"/>
        </authorization>

 </system.web>
</configuration>

Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Espaņol
Ven, y hablemos de ASP.NET...
======================

"Matt" <none@none.com> wrote in message news:e2ju61l2vntc345gtvcbc0ukfmdeull60l@4ax.com...
> Good suggestion, but is there a way to control access to that
> directory with the web.config?
>
> Thanks.
>
>>You can move the directory outside of the web application's directory.
>>
>>-Brock
>>DevelopMentor
>>http://staff.develop.com/ballen
>>
>>
>>
>>> Hello,
>>> I'm working on a portal based on IBuySpy, where the main page is
>>> desktopdefault.aspx and all content is stored in
>>> www.domain.com/content/html/nnn
>>> or
>>> www.domain.com/content/images/nnn
>>> and injected in the desktopdefault.aspx page.
>>> How can I prevent users doing www.domain.com/content/images/test.jpg
>>> and getting the image (or the html file, or whatever inside the
>>> content directory?)
>>> It doesn't matter if the user is authenticated or not, I just want
>>> obly the webapplication to be able to load and display the files
>>> inside the /content directory.
>>> Can I do this just manipulating the web.config, without changing
>>> directory permissions on the webserver?
>>>
>>> Thanks!

Relevant Pages