We are using routing with webforms via asp.net 4.0 and the routing is working great. Our question though is we can't find anywhere on the web where it addresses the issue of accessing our pages directly still using .aspx
For example, we have a route setup (http://www.xyz.com/account
) for the physical page (account.aspx) The problem is I can go on our site and see the account page using the url http://www.xyz.com/account.aspx
The other issue is that the route contains some other parameters as part of the route itself. For example..... /account/profile which tells which tab on the account page to display. Accessing this page with just account.aspx breaks it.
Can we easily deny access to the actual .aspx extensions?