What replaces .htaccess on IIS/ASP.NET sites?

On Apache/PHP sites if I want to put a senstive file within my website folders, I put a .htaccess file in that folder so users can't download the sensitive file.

Is there a similar practice for IIS/ASP.NET sites, i.e. if I have a shared hosting account and don't have access to IIS server. Can I do this in web.config for instance?

e.g. the ASPNETDB.MDF file that ASP.NET Configuration put in the App_Data directory. I would assume this is protected by default but where can I change the settings for this folder as I could with a .htaccess file?

Answers


Inside of an ASP.Net web.config you can setup locations to add security to specific files and folders. In addition, you can remove all verbs from those directories:

<location path="Secret" allowOverride="false">
  <system.web>
    <authorization>
      <deny users="*" />
    </authorization>
    <httpHandlers>
      <remove path="*.*" verb="*"/>
    </httpHandlers>
  </system.web>
</location>

I have only used the authorization portion of that snippet and it works great. The handler should further lock it down and using a ISAPI filter would be able to put the finishing touches on it.


Need Your Help

How to store directory / hierarchy / tree structure in the database?

sql-server sql-server-2005 database-design tree-structure

How do i store a directory / hierarchy / tree structure in the database? Namely MSSQL Server.

Gson, parsing json innerclass list, javabean

java json gson inner-classes

Well so I'm trying to parse a bit of JSon. I succeeded to parse: