I have an asp.net/c# website. I don't want users reach www.example.com/uploads folder like :
I tried this in web.config :
<location path="uploads">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
But it forbids all the files under uploads folder.Users can reach the files but I don't want users see the list of that files. What should I do about this?
Related
I have an ASP.NET MVC app and some folder that contains a lot of images. This directory is located outside my app folder. And I want to use images from this directory in my app in web pages without copying them to app directory. I created virtual directory for my application in IIS and called it MyOuterDir. It references to outer images directory. Then I wrote in my web page something like this :
<img src='/MyOuterDir/some.png' />
But it doesn't work, I faced with error 404:
GET http://localhost:85/MyOuterDir/some.png 404 (Not Found)
Where am I wrong? How to make IIS (or browser) properly read images from virtual directory?
P.S. It doesn't work even I change reference to folder located in app directory
I would check your web.config file, make sure you have permission for the file system.
<location path="Folder/Logs">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="OtherFolder/Dump">
<system.web>
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
</system.web>
</location>
If you don't have permission you won't be able to find the file/Image
Try this way:
<img src='MyOuterDir/some.png' />
Good Luck!
I have an asp.net application for which I need to expose a particular subdirectory to the public internet. When I go into the subdirectory's IIS configuration's authentication section, I cannot disable the Forms Authentication.
The setting is marked as read-only.
Google offers many discussions when I search for the error message, but I haven't found a clear, working solution.
You have to use location in root Web.config.
http://support.microsoft.com/kb/815174
<location path="Your directory" allowOverride=”false”>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
In the application's root web.config, open it up and find the "</system.web>" line. Then add something like the code below to enable unrestricted access to a directory:
<location path="MY FOLDER/PATH">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
We have a directory named Admin in the root folder of an ASP.net (4.0) web application.
I have created a route to the Admin/Dashboard.aspx
~/administrator/dashboard/
and it works fine.
I was curious if I could disallow to run the file through direct access, even to the administrators.
~/Admin/Dashboard.aspx
Is it doable?
Please help.
You can do with some web.config setting like below
<location path="~/Admin/Dashboard.aspx">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Create a local web.config in the Admin folder and create an authorization rule inside the config file:
<configuration>
<system.web>
<allow ...
<deny ...
</system.web>
</configuration>
where allow and deny should be tuned to serve your needs. In particular, deny users="*" will forbid everyone from accessing your page.
I am using ASP.Net forms authentication to secure a directory called "pro". This is all working fine, however what we want to do is to exclude the root page within the directory - basically this is a sales page detailing the benefits of registering.
So, my question is whether it is possible to secure a directory, but exclude a particular page within that directory?
The other option, which seems pretty easy but not particularly tidy in terms of the file system is to structure my directories like:
/pro/
/pro/default.aspx
/pro/ (secure anything within this folder)
/pro/loggedin/page1.aspx
/pro/loggedin/page2.aspx
Any help greatly appreciated.
Thanks
Al
If you want to allow particular page, then it will be like..
<location path="PageName.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
To protect a folder, try the following:
<location path="/pro">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
I am using forms authentication in a MVC 2 project.
I have this in my web.config:
<authorization>
<deny users="?" />
</authorization>
I want the /Content folder to be available to users that haven't been authenticated yet. The login view uses the css in that folder, which should be available at login time.
Thanks
you can use the css file as a location in your config file like this:
<location path="whatever.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
This would be external of your main system.web block i believe
if this content folder is a separate folder it can have its own web.config file that you can set to allow=*
do you mean:
<authorization>
<allow users="*" />
</authorization>