Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Asp.net protect folders Shared or Vps Hosting

Posted on 2013-12-31
5
Medium Priority
?
265 Views
Last Modified: 2014-01-03
I have some doubts how can I protect certain folders on a shared or vps hosting environment. If I want to protect the main site folder and eg the folder where the source code is, can do something like:?

<configuration>
 <location path="subdir1">
 <system.web>
 <authorization>
 <denny users ="*" />
 </authorization>
 </system.web>
 </location>
 </configuration>

Open in new window

<configuration>
 <location path="subdir1">
 <system.web>
 <authorization>
 <denny users ="*" />
 </authorization>
 </system.web>
 </location>
 </configuration>

Open in new window

0
Comment
Question by:rflorencio
  • 3
  • 2
5 Comments
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39747996
Are you talking about access through a browser, or access through via the OS?

Web.config is only going to allow you to restrict access via a browser. If people on the VPN have access to the server itself then you are going to need to rely on proper ACL at the OS levels to protect the folders.
0
 

Author Comment

by:rflorencio
ID: 39748019
I'm talking about access through a browser.
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39748026
In that case, yes, what you have should do the trick - insomuch as you are denying access to all users to that folder. Apart from the denny / deny typo :)
0
 

Author Comment

by:rflorencio
ID: 39753351
So in this case the users can see the html pages in browser but does not have access to the . Aspx or other files in protected folders , right?
0
 
LVL 52

Accepted Solution

by:
Carl Tawn earned 2000 total points
ID: 39753404
Are you trying to deny access to all files in a folder, or to specific types of files in a folder?

If it's the latter, you need a slightly more complex config to filter based on extension. Example:
<location path="some_directory">
    <system.web>
        <httpHandlers>
            <add verb="*" path="*.aspx" type="System.Web.HttpForbiddenHandler" />
        </httpHandlers>
    </system.web>
</location>

Open in new window

Using deny="*" will prevent all access to the directory, whereas the config in the example above will block all .aspx files in the location only.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question