Setting file access restrictions...
-
For an asp.net application, I'm using an xml file to read in configuration settings. The problem is... some of the settings can hold sensitive data. I want to ensure that the application can read in the values, but that the server will not acknowledge any http requests on the file. Prior programming conventions would dictate placing the configuration file somewhere outside of the scope of the web root, but that makes for more difficult installations... I'm trying to keep the whole application limited to one directory. So... is there a web.config setting I could use to grant server access to a file, but not http access?
-
For an asp.net application, I'm using an xml file to read in configuration settings. The problem is... some of the settings can hold sensitive data. I want to ensure that the application can read in the values, but that the server will not acknowledge any http requests on the file. Prior programming conventions would dictate placing the configuration file somewhere outside of the scope of the web root, but that makes for more difficult installations... I'm trying to keep the whole application limited to one directory. So... is there a web.config setting I could use to grant server access to a file, but not http access?
-
Thanks a lot; knowing this is definitely a big piece of the puzzle, as it will surely be how I target the specific file. But I'm still unsure of the specific configuration that will instruct IIS to reject http requests for that file, while still allowing server requests. -Roo
-
Thanks a lot; knowing this is definitely a big piece of the puzzle, as it will surely be how I target the specific file. But I'm still unsure of the specific configuration that will instruct IIS to reject http requests for that file, while still allowing server requests. -Roo
Try this:
`<location path="YOUR_FILE_NAME.aspx"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location>`