Solved

Asp.net protect folders Shared or Vps Hosting

Posted on 2013-12-31
5
262 Views
Last Modified: 2014-01-03
I have some doubts how can I protect certain folders on a shared or vps hosting environment. If I want to protect the main site folder and eg the folder where the source code is, can do something like:?

<configuration>
 <location path="subdir1">
 <system.web>
 <authorization>
 <denny users ="*" />
 </authorization>
 </system.web>
 </location>
 </configuration>

Open in new window

<configuration>
 <location path="subdir1">
 <system.web>
 <authorization>
 <denny users ="*" />
 </authorization>
 </system.web>
 </location>
 </configuration>

Open in new window

0
Comment
Question by:rflorencio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39747996
Are you talking about access through a browser, or access through via the OS?

Web.config is only going to allow you to restrict access via a browser. If people on the VPN have access to the server itself then you are going to need to rely on proper ACL at the OS levels to protect the folders.
0
 

Author Comment

by:rflorencio
ID: 39748019
I'm talking about access through a browser.
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39748026
In that case, yes, what you have should do the trick - insomuch as you are denying access to all users to that folder. Apart from the denny / deny typo :)
0
 

Author Comment

by:rflorencio
ID: 39753351
So in this case the users can see the html pages in browser but does not have access to the . Aspx or other files in protected folders , right?
0
 
LVL 52

Accepted Solution

by:
Carl Tawn earned 500 total points
ID: 39753404
Are you trying to deny access to all files in a folder, or to specific types of files in a folder?

If it's the latter, you need a slightly more complex config to filter based on extension. Example:
<location path="some_directory">
    <system.web>
        <httpHandlers>
            <add verb="*" path="*.aspx" type="System.Web.HttpForbiddenHandler" />
        </httpHandlers>
    </system.web>
</location>

Open in new window

Using deny="*" will prevent all access to the directory, whereas the config in the example above will block all .aspx files in the location only.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question