Solved

Asp.net protect folders Shared or Vps Hosting

Posted on 2013-12-31
5
256 Views
Last Modified: 2014-01-03
I have some doubts how can I protect certain folders on a shared or vps hosting environment. If I want to protect the main site folder and eg the folder where the source code is, can do something like:?

<configuration>
 <location path="subdir1">
 <system.web>
 <authorization>
 <denny users ="*" />
 </authorization>
 </system.web>
 </location>
 </configuration>

Open in new window

<configuration>
 <location path="subdir1">
 <system.web>
 <authorization>
 <denny users ="*" />
 </authorization>
 </system.web>
 </location>
 </configuration>

Open in new window

0
Comment
Question by:rflorencio
  • 3
  • 2
5 Comments
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39747996
Are you talking about access through a browser, or access through via the OS?

Web.config is only going to allow you to restrict access via a browser. If people on the VPN have access to the server itself then you are going to need to rely on proper ACL at the OS levels to protect the folders.
0
 

Author Comment

by:rflorencio
ID: 39748019
I'm talking about access through a browser.
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39748026
In that case, yes, what you have should do the trick - insomuch as you are denying access to all users to that folder. Apart from the denny / deny typo :)
0
 

Author Comment

by:rflorencio
ID: 39753351
So in this case the users can see the html pages in browser but does not have access to the . Aspx or other files in protected folders , right?
0
 
LVL 52

Accepted Solution

by:
Carl Tawn earned 500 total points
ID: 39753404
Are you trying to deny access to all files in a folder, or to specific types of files in a folder?

If it's the latter, you need a slightly more complex config to filter based on extension. Example:
<location path="some_directory">
    <system.web>
        <httpHandlers>
            <add verb="*" path="*.aspx" type="System.Web.HttpForbiddenHandler" />
        </httpHandlers>
    </system.web>
</location>

Open in new window

Using deny="*" will prevent all access to the directory, whereas the config in the example above will block all .aspx files in the location only.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now