ASP.NET Security: Controlling Access to Specific Directories

A common application design is to place files that require authentication in a separate directory. With ASP.NET configuration files, this approach is easy. Just leave the default <authorization> settings in the normal parent directory, and add a web.config file that specifies stricter settings in the secured directory. This web.config simply needs to deny anonymous users (all other settings and configuration sections can be omitted).

<!-- This web.config file is in a subfolder. -->
<configuration><system.web><authorization>
    <deny users="?" />
</authorization></system.web></configuration>
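
To check that a subfolder's rules really keep anonymous users out, the following added example (not from the original article) models how ASP.NET evaluates <authorization> rules: the subfolder's rules are read before the parent's, and the first rule that matches the user decides. The function names and sample configuration strings are constructed for illustration; the verbs and roles attributes and <location> elements are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (not from the article).
PARENT = """<configuration><system.web><authorization>
  <allow users="*" />
</authorization></system.web></configuration>"""

SECURED = """<configuration><system.web><authorization>
  <deny users="?" />
</authorization></system.web></configuration>"""

# Pitfall: the allow rule matches first, so the deny below it never applies.
MISORDERED = """<configuration><system.web><authorization>
  <allow users="*" />
  <deny users="?" />
</authorization></system.web></configuration>"""


def authorization_rules(web_config_xml):
    """Return (action, users) pairs in the order they appear in the file."""
    root = ET.fromstring(web_config_xml)
    section = root.find("system.web/authorization")
    if section is None:
        return []
    rules = []
    for el in section:
        if el.tag in ("allow", "deny"):
            users = [u.strip() for u in el.get("users", "").split(",")]
            rules.append((el.tag, users))
    return rules


def anonymous_allowed(configs_child_first):
    """Decide access for an anonymous request.

    configs_child_first: web.config contents from the requested folder
    up to the application root. First matching rule wins.
    """
    for xml_text in configs_child_first:
        for action, users in authorization_rules(xml_text):
            if "?" in users or "*" in users:  # rule applies to anonymous users
                return action == "allow"
    return True  # no rule matched: machine-level default is <allow users="*" />


if __name__ == "__main__":
    print("parent only:", anonymous_allowed([PARENT]))
    print("secured folder:", anonymous_allowed([SECURED, PARENT]))
    print("misordered folder:", anonymous_allowed([MISORDERED, PARENT]))
```

The misordered case is the one to look for in review: a deny rule placed after a broader allow rule has no effect.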

