Prevent site directory from being displayed - asp.net

I have a subdomain on which I have put up all the js code for my webiste to interact with another application. For eg: at code.example.com
Whenever, the user types this address,code.example.com, all the contents of the directory are listed. How do I prevent this thing? I do not have nay index.html or index.aspx here.

In your IIS Configuration, turn off Directory browsing.
If you say what version of IIS you're using, then we can give specific steps on how to turn directory browsing off.

Related

moving website to new hosting causes "forbidden"

I am moving website from one hosting server to another hosting server. I have uploaded files. I am using forms authentification. Basically, I am moving to GoDaddy.
I can access login form directly: www.mysite.com/login.aspx
However, when I open www.mysite.com it shows
Forbidden
You do not have permission to access this document.
What can cause this problem? Which files do not have permissions? Should I modify web.config or anything else?
I am using asp.net version 3.5.
Problem:
IIS has configuration for default document, which is typically default.htm, default.aspx, etc. but not login.aspx. If site has no default document in the root folder and directory browsing feature is disabled you will get the Forbidden message.
Solution:
Either create default document as per default IIS configuration
or change IIS configuration to make login.aspx your default document
To create default document, add a new file, name it as default.htm and copy to the root directory of your site
<html>
<head>
<meta http-equiv="REFRESH" content="0;url=login.aspx">
</head>
<body></body>
</html>
To change IIS configuration, go to your hosting settings panel and find Web Server Settings feature where you could add login.aspx to the list of default documents for your account.
Sounds to me that the default page in IIS is not set. It appears that your default page is Login and the IIS default is Default.
It may be because the IIS is not finding a default start page. Adding default document in IIS is one way. But an other way is adding default document (start page) in web.config file.
Suppose if you want to open login.aspx page when some one opens your website, then add following code in web.config file
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="Login.aspx"/>
</files>
</defaultDocument>
</system.webServer>
Think about the basics of how your web server works.
You have one file root folder (typically named www/ or public_html/ or something else depending on your setup) and you have sub folders and files within the root folder.
Web servers work so that they only allow public access to your "public root folder" and not your server files / language specific folders / system folders etc.
And now think about your error message for a second, it tells you that "You do not have permission to access this document." Which is basically talking about either your default.aspx or index.html or some other form of default/index file which loads when you load your root domain.
This is due to "permission error" on that particular file / dependent files etc, exactly as the error message states. You need to check the access mode of your files and folders, which in unix is done by chmod command, and in windows located in file/folder properties -> security -> Permissions which usually lists within a group of users, ie your public/all user group (if it exists)
You need these settings to give read or execute (exec depending on what type of file it is, if html/aspx than read is sufficient, strictly not write in any case as that allows modification to your files by the public) permissions in order for the web server to serve them to public successfully.
In order to give system specific help, your ASP.NET version is not enough to solve it, your IIS info is also needed as well as your server and file system setup etc
Asp.net is probably not registered on your new server. You can check it my adding an simple html file to your folder and try to browse it. As .net is not registered, the aspx extension is unknown.
You should run aspnet_regiis.exe -ir :
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -ir
%windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe -ir

what is a root directory in IIS 6 and How do I make one of my subfolder in ASP.NET website the root directory?

I need to integrate a third party plugin in my asp.net website. To install the plugin, they have mentioned this sentence, "Create an application through your IIS control panel with root directory at -(some path from my website folder)?".
I am not much aware with IIS and rarely worked with it. Though I tried every possible way I could do in IIS, I am not able to work it out. After installation, there is a test page provided by plugin which I have to run to check but when I run it, it shows this error.
"It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS."
I searched this error too and found that it is because the two Web.Config file, one from the main project and another from plugin folder. The only way to work with this, is to make the plugin folder they specified as a root directory in IIS. Someone kindly tell me some easy steps to do this.
What I was doing is, in IIS6, I added New website with the main folder of my asp.net website, then I right click>add application and choose the given path, thought it would become root directory but it is not.
Help would be appreciated. Also note that, I have to put the plugin folder in my main website folder only. So, there are two web.config. I tried to rename one of them too, it solved the above error but gave another errors but I think main problem is of root directory. P.S they show me above error on web.config file of plugin folder on this sentence-
"Line 51:
< authentication mode="Windows" />"
Most of the times the root directory is C:\inetpub\wwwroot folder and "Default Web Site" on IIS Manager.
Open IIS Manager and under Sites there should be IIS websites and under it you will probably see Default website. You can see the root directory with Right click/Settings.
Copy your website files under this root directory.
And after copying folder to root folder you will see this folder under Default websites on IIS.
Right click your directory name on IIS and "Create Application", select correct .net framework.
It should be work. Good luck, if you need more help please give more details on your server IIS.

Set default directory in Asp.net

Is there a way to configure the default directory in web.config?
My Default.aspx file is not in the root folder but in /Public/Default.aspx.
I found this post : Set Default Page in Asp.net but it does't work, probably because it's only to configure the default page and not the default directory...
You'll want to configure this in IIS.
You have your website already setup, and all you need to do is add an "Application" within that website.
Add Application...
You can also create a Virtual Directory which would give a similar result. Unfortunately you will still be navigating to http://example.com/public/
My question to you is, what is in the wwwroot directory? Is there a different website? Why not launch two websites within IIS?
Here's more information C/O #waqas

Deployed website shows it folder file list

I built Deployment package and feed IIS with that, but when I trying to visit my site, I see only files of root folder like FTP
Whats wrong ?
Do you have a default or index page? Also, in IIS you should disable directory browsing.

"Site is under construction" page for asp.net site

I have to implement ability to show "site is under construction" page during doing some maintenance work on site. There are a lot of ways to implement such behavior (using global.asax file, using IIS and so on). So I would like to know waht is the most used ways of impletenting this feature.
Thanks in advance.
I prefer App_Offline.htm file in the root.
Take a scrape of your site template, stick it in the App_Offline.htm file and place a message in it. Just dropping this file in the root folder of your web site effectively disables your site.
Meanwhile, upload/manage a second instance of the web-site using a temporary domain/URL and when tested/ready, re-point the old site to the new site in IIS.
The change you're deploying now is a simple change to a single page. But sometimes you deploy larger changes, or you deploy both code and database changes, and the site might behave incorrectly if a user requests a page before deployment is finished. To prevent users from accessing the site while deployment is in progress, you can use an app_offline.htm file. When you put a file named app_offline.htm in the root folder of your application, IIS automatically displays that file instead of running your application. So to prevent access during deployment, you put app_offline.htm in the root folder, run the deployment process, and then remove app_offline.htm after successful deployment.
Source: https://www.asp.net/mvc/overview/deployment/visual-studio-web-deployment/deploying-a-code-update

Resources