<?xml version="1.0" encoding="utf-8"?>Your site permissions will be included in the site’s files themselves.
<configuration>
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</configuration>
To give Read, Execute, and Write permissions to MyApp file system directory for user Foo, add the following line to the Manifest.xml file:http://www.iis.net/learn/get-started/planning-for-security/secure-content-in-iis-through-file-system-acls
<setAcl path=”MyApp” setAclAccess=”ReadAndExecute, Write” setAclUser=”Foo” />
To set the ACL on the path MyApp/Upload to allow anonymous users to upload content, add the following line to your Manifest.xml file:
<setAcl path=”MyApp/Upload” setAclAccess=”Write” setAclUser=”anonymousAuthenticationU ser” />
Note that anonymousAuthenticationUser is a special token that will resolve to your configured anonymous authentication identity.
To grant Read access to the MyApp\Data folder for the application pool identity, add the following line to the Manifest.xml file:
<setAcl path=”MyApp/Data” setAclAccess=”Read” />
I just talked with a Security people, they said its the standard to not show any folder to Browser.I'm sorry but that is not even possible. You need to go look at the "View Source" of a lot web sites so you can see that every folder that contains files used in the web page is listed in the HTML content. Start with this page. There are folder links for 'articles', 'videos', 'members', 'Expert_Testing', and "/topics/security/", "/topics/microsoft-iis-web
<link href='//fonts.googleapis.com/css?family=Open+Sans:400,300,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="//experts.cachefly.net/css/2/46ee452ed928e168329ba188ab99c7181881a71c366ba69a84ff17bc23521433.css" media="all" />
<link rel="stylesheet" href="//experts.cachefly.net/css/2/6fd7990c7b61f291d70767fcf90ff88c92a1571fcafdabed97d3ee6041590c27.css" media="all" />
<script src="//experts.cachefly.net/js/2/d487b0d4d961a96067ced6f47d2cc74d5c1046a073b76c1a7e9d6e98962617ef.js" type="text/javascript"></script>
<script src="//experts.cachefly.net/js/2/9a393723cc0e5612ef7741131d89453bb9bb8abcaf08697ce0380119a5d2ca52.js" type="text/javascript"></script>
You mean e-e is insecure?