Restricting Anonymous access to a folder

Discussion in 'ASP.NET / ASP.NET Core' started by stocksp, Nov 23, 2010.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. stocksp

    stocksp

    I thought this would be simple...
    I added to the web.config in the folder
    <allow roles="Admin"/>
    <deny users="*"/>

    This keeps the riff raff out put generates an ugly redirect error to an login.aspx page I don't have and would rather not add.

    Isn't there a simple way to keep anonymous eyes out of a log folder without writing\adding another page ?
     
    stocksp, Nov 23, 2010
    #1
  2. mjp

    mjp

    You could turn off directory browsing in the IIS Tools section of Control Panel.
     
    mjp, Nov 23, 2010
    #2
  3. stocksp

    stocksp

    Doesn't work for me.

    I did this and am still able to dump the contents of .txt files by just putting the complete address into IE.
     
    stocksp, Nov 23, 2010
    #3
  4. keikoraca

    keikoraca

    What about password protection?
     
    keikoraca, Nov 23, 2010
    #4
  5. Michael Ossou

    Michael Ossou

    I THINK you are trying to keep people from viewing certain files. I also THINK you mean while directory browsing doesnt allow someone to view the entire directory, they can still see the file if they type the whole filename.

    Put your txt files in the _database folder. End users dont have access to this directory.
     
    Michael Ossou, Nov 23, 2010
    #5
Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.

Share This Page