?
Solved

Asp.net protect folders Shared or Vps Hosting

Posted on 2013-12-31
5
Medium Priority
?
263 Views
Last Modified: 2014-01-03
I have some doubts how can I protect certain folders on a shared or vps hosting environment. If I want to protect the main site folder and eg the folder where the source code is, can do something like:?

<configuration>
 <location path="subdir1">
 <system.web>
 <authorization>
 <denny users ="*" />
 </authorization>
 </system.web>
 </location>
 </configuration>

Open in new window

<configuration>
 <location path="subdir1">
 <system.web>
 <authorization>
 <denny users ="*" />
 </authorization>
 </system.web>
 </location>
 </configuration>

Open in new window

0
Comment
Question by:rflorencio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39747996
Are you talking about access through a browser, or access through via the OS?

Web.config is only going to allow you to restrict access via a browser. If people on the VPN have access to the server itself then you are going to need to rely on proper ACL at the OS levels to protect the folders.
0
 

Author Comment

by:rflorencio
ID: 39748019
I'm talking about access through a browser.
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39748026
In that case, yes, what you have should do the trick - insomuch as you are denying access to all users to that folder. Apart from the denny / deny typo :)
0
 

Author Comment

by:rflorencio
ID: 39753351
So in this case the users can see the html pages in browser but does not have access to the . Aspx or other files in protected folders , right?
0
 
LVL 52

Accepted Solution

by:
Carl Tawn earned 2000 total points
ID: 39753404
Are you trying to deny access to all files in a folder, or to specific types of files in a folder?

If it's the latter, you need a slightly more complex config to filter based on extension. Example:
<location path="some_directory">
    <system.web>
        <httpHandlers>
            <add verb="*" path="*.aspx" type="System.Web.HttpForbiddenHandler" />
        </httpHandlers>
    </system.web>
</location>

Open in new window

Using deny="*" will prevent all access to the directory, whereas the config in the example above will block all .aspx files in the location only.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question