How to restrict folder access in asp.net

3641 ワード

How to restrict folder access in asp.net


回答1(ユーザー権限を考慮しない質問)
For the future generation the answer which works for me is to use hidden segments.
If you want to secure e.g. Uploads folder go to your root Web.config and add into following element:

  
      segment="Uploads"/>   

This will prevent all users from direct access to Uploads folder and its content.
Very usefull, this works perfect if your site don't has roles or authentication
 
回答2
You can do like @klausbyskov mentions, to add 's to the root web.config, like:
 path="Admin">    roles="Administrator"/>  users="*"/>   

or you can add a web.config to the folder where you want to allow/deny access with the following content:
xml version="1.0"?>     roles="Administrator"/>  users="*" />   

Of course replace the and with you own rules
 
回答3
You should add a web.config file to said folder and put an tag in the file, as described here.