In my web application all the .aspx pages resides in Pages directory. The project structure is shown below:
The Home.aspx is set as Start Page and the Web.config file of the Pages folder contains:
<configuration>
<location path="Secured">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
And the main Web.config has:
<authentication mode="Forms">
<forms loginUrl="~/Pages/Login.aspx" timeout="2880" defaultUrl="~/Pages/Secured/Home.aspx" />
</authentication>
So when the application launches it redirects to the Login page with the URL:
http://localhost:2453/Pages/Login.aspx?ReturnUrl=%2fPages%2fSecured%2fHome.aspx
Now if I delete the
Login.aspx?ReturnUrl=%2fPages%2fSecured%2fHome.aspx
from that URL and press enter it is taking me to the Directory Listing:
What I want that it will again send me to the Login page located at
http://localhost:2453/Pages/Login.aspx
How can I achieve this? Your help be appreciated.
Thanks.
The localhost:
If you are expecting to see an existing site however, and instead you see the directory listing something has gone wrong somewhere. The file may have been infected via a php injection attack and removed by a malware scanner. The site may have been attacked. Your account password may not be very secure.
You need to disable directory browsing from IIS or from the web.config
<configuration>
<location path="Secured">
<system.webServer>
<directoryBrowse enabled="false" />
</system.webServer>
</location>
</configuration>
this entry above applies to IIS 7+, for IIS 6 you'll have to do it from IIS Manager
There are 2 ways using which you can disable the Directory Listing: This has been tested & works for IIS 10.
<configuration>
<system.webServer>
<directoryBrowse enabled="false" /> <!--this line will disable directory browsing-->
</system.webServer>
</configuration>
Go to Internet Information Services(IIS) and look for the Directory Browser
option. Select it and on the right corner you see an option Open Feature
. Click on it and it will take you to another tab. Now select Disable and you see that the browsing has been disabled.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With