Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

how to deny user to access sub folders and file?

on local machine ,i created sample project on mvc4 (razor) and create directory named "x" and put a text file "a.txt" in it.

http://localhost:64471/x/a.txt

in my web config i deny all user to access to "x" folder by this config:

<location path="x">
<system.web>
  <authorization>
    <deny users="*"/>
  </authorization>
</system.web>

Now if user send this request :

http://localhost:64471/x/ 

it works and return user to URL that defined in forms tag in web config.

but when user send this request :

http://localhost:64471/x/a.txt

can read text file in browser(browser shows contents of text file).

i want to know how to deny user to access all files and subfolders in "x" folder?

like image 718
motevalizadeh Avatar asked Sep 26 '13 19:09

motevalizadeh


People also ask

How do I prevent others from accessing my files?

Select properties, and then select the "security" tab. You will then see the security options for the folder you chose. Click on the "to change permissions, click edit" button underneath the "Groups or User Names" box. A new box will pop-up that gives you access to control the permissions for Groups and Users.

Can you restrict access to a subfolder in Google Drive?

Select the folder in Google Drive/Doc view and choose More --> Share. Under Who has access set the Edit / View permissions, and add any individuals or groups you need.


2 Answers

I know this is an old question, but if you are having issues and dealing with text or html files, you might want to refer to this stackoverflow question.

In short, you might need to add this to your web.config:

<system.webServer>
    <modules>
        <remove name="UrlAuthorization" />
        <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule"  />
    </modules>
</system.webServer>

As kirk points out, files such as .txt and .html files are handled by IIS and not ASP.NET, so the authorization rules aren't applied to them.

like image 56
Jeremy Avatar answered Oct 02 '22 18:10

Jeremy


I tested with path="x" in root web.config. It restrict everything under x folder; it won't even let me browse ~/x. I get redirected to login page.

Could you try full path to a.txt like this in root web.config?

<location path="x/a.txt">
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

If it still doesn't work, you can try creating a web.config inside x folder with the following content.

<?xml version="1.0"?>
<configuration>

  <location path="a.txt">
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

</configuration>
like image 27
Win Avatar answered Oct 02 '22 18:10

Win