Protect Files in Web.Config?

Ask a Question related to ASP.NET Security, Design and Development.

  1. bradwiseathome@hotmail.com #1

    Default Protect Files in Web.Config?


    I have a web.config section that only allows certain groups into a
    subdirectory. Is it possible to specify that only some types of files
    (example .htm) should be protected and the rest are unprotected?

    Thanks.

    bradwiseathome@hotmail.com Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. Protect files
      Hi, I need to distribute two projects, one on cd and one in a downloadable zip file. Everything is ready to go except for the fact that all...
    2. Protect .dir files
      Hi! Is it possible to protect .dir files that are used for a miaw from opening? thanks in advance, ras
    3. Protect FLV files
      Hi all, Anyboys knows what is best ways to protect FLV files (flash video files)? Thanks Behzad Peivasteh http://www.e-course.co.jp
    4. Newbie: How to protect the files?
      LarryM wrote: Yes, only the document root and subdirs are accessible. No, as long as there are no security holes. There are sites where...
    5. Protect local data files from download?
      Just make sure that the extension of the file is unkown to IIS. Give the file a name like data.xyz or something. Then IIS will never serve it up...
  2. Dominick Baier [DevelopMentor] #2

    Default Re: Protect Files in Web.Config?

    Hello [email]bradwiseathome@hotmail.com[/email],

    you can't use wildcards on the <locaction files..../> section

    but be careful - htm (or more generally speaking every extension that _isn't_
    handled by asp.net) isn't affected by the authorization element in web.config

    for these kind of files - IIS uses the IUSR_ account to retrieve them - you
    can place NTFS ACLs on them, e.g.



    ---------------------------------------
    Dominick Baier - DevelopMentor
    [url]http://www.leastprivilege.com[/url]
    > I have a web.config section that only allows certain groups into a
    > subdirectory. Is it possible to specify that only some types of files
    > (example .htm) should be protected and the rest are unprotected?
    >
    > Thanks.
    >


    Dominick Baier [DevelopMentor] Guest
    Reply With Quote Reply With Quote
  3. Patrick Olurotimi Ige #3

    Default Re: Protect Files in Web.Config?

    Or try this trick here at:-
    [url]http://aspnet.4guysfromrolla.com/articles/020404-1.aspx[/url]




    *** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
    Patrick Olurotimi Ige Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139