I have an ASP.NET MVC app and some folder that contains a lot of images. This directory is located outside my app folder. And I want to use images from this directory in my app in web pages without copying them to app directory. I created virtual directory for my application in IIS and called it MyOuterDir. It references to outer images directory. Then I wrote in my web page something like this :
<img src='/MyOuterDir/some.png' />
But it doesn't work, I faced with error 404:
GET http://localhost:85/MyOuterDir/some.png 404 (Not Found)
Where am I wrong? How to make IIS (or browser) properly read images from virtual directory?
P.S. It doesn't work even I change reference to folder located in app directory
I would check your web.config file, make sure you have permission for the file system.
<location path="Folder/Logs">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="OtherFolder/Dump">
<system.web>
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
</system.web>
</location>
If you don't have permission you won't be able to find the file/Image
Try this way:
<img src='MyOuterDir/some.png' />
Good Luck!
Related
I have a website hosted in IIS with directory browsing disabled. The website is developed in ASP.Net, MySql and C#.
For e.g., If i type www.mysite.com/LoremIpsums/ then it shows 403 error. However if i type, www.mysite.com/LoremIpsums/IpsumLorem.pdf it shows/downloads the the PDF file. How to disable this?
I have searched on net and found sth like
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" roles="Administrators" />
</authorization>
If i use this in web.config, the user won't be able to download the pdf file even after logging in. So how to achieve file access only for logged in users. (Either using C# code or IIS Settings)?
Here you Go:
<location path="download">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="user"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
download is your folder where you want to restrict the anonymous user from direct access.
I have an asp.net/c# website. I don't want users reach www.example.com/uploads folder like :
I tried this in web.config :
<location path="uploads">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
But it forbids all the files under uploads folder.Users can reach the files but I don't want users see the list of that files. What should I do about this?
I have an asp.net application for which I need to expose a particular subdirectory to the public internet. When I go into the subdirectory's IIS configuration's authentication section, I cannot disable the Forms Authentication.
The setting is marked as read-only.
Google offers many discussions when I search for the error message, but I haven't found a clear, working solution.
You have to use location in root Web.config.
http://support.microsoft.com/kb/815174
<location path="Your directory" allowOverride=”false”>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
In the application's root web.config, open it up and find the "</system.web>" line. Then add something like the code below to enable unrestricted access to a directory:
<location path="MY FOLDER/PATH">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
How to restrict folder access in asp.net
like I don't want any other to see my Uploads folder in browser by link http://www.example.com/Uploads
For the future generation the answer which works for me is to use hidden segments.
If you want to secure e.g. Uploads folder go to your root Web.config and add into <system.webServer> following element:
<security>
<requestFiltering>
<hiddenSegments>
<add segment="Uploads"/>
</hiddenSegments>
</requestFiltering>
</security>
This will prevent all users from direct access to Uploads folder and its content.
You can do like #klausbyskov mentions, to add <authorization />'s to the root web.config, like:
<location path="Admin">
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
or you can add a web.config to the folder where you want to allow/deny access with the following content:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>
Of course replace the <allow /> and <deny /> with you own rules
You should add a web.config file to said folder and put an <authorization> tag in the file, as described here.
You can manage folder browsing in IIS settings.,
Open IIS Manager and navigate to the folder you want to manage.
In Features View, double-click Directory Browsing.
In the Actions pane, click Enable/Disable.
This is for IIS7.
you can also use commandline for this.
appcmd set config /section:directoryBrowse /enabled:true|false
Hope this helps...
Happy Programming,
I have a directory where I am placing PDF files that are generated by my application. The issue is that since there are no aspx pages, the security in the web.config is not preventing direct navigation to those pdf's. Granted, the information is public, I just dont want someone to be able to go straight to them for a variety of reasons.
So the question is, how do I prevent access to that directory in a web.config file? here is what I have:
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<authorization>
<allow roles="role1" />
<allow roles="role2" />
<allow roles="role3" />
<allow roles="role4" />
<deny users="*" />
</authorization>
</system.web>
You should be using an HttpHandler to accomplish file security you can map extensions through IIS and use these to handle mappings of each particular file type (ie: pdf, doc, exe, etc...)
Here is a link describing it...
http://www.15seconds.com/Issue/020417.htm