How to restrict folder access in asp.net

How to restrict folder access in asp.net

回答1(不考虑用户权限的问题)

For the future generation the answer which works for me is to use hidden segments.

If you want to secure e.g. Uploads folder go to your root Web.config and add into <system.webServer> following element:

<security>
  <requestFiltering>
    <hiddenSegments>
      <add segment="Uploads"/>
    </hiddenSegments>
  </requestFiltering>
</security>

This will prevent all users from direct access to Uploads folder and its content.

Very usefull, this works perfect if your site don't has roles or authentication

回答2

You can do like @klausbyskov mentions, to add <authorization />'s to the root web.config, like:

<location path="Admin">
    <system.web>
        <authorization>
            <allow roles="Administrator"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

or you can add a web.config to the folder where you want to allow/deny access with the following content:

<?xml version="1.0"?>
<configuration>
    <system.web>
        <authorization>
            <allow roles="Administrator"/>
            <deny users="*" />              
        </authorization>
    </system.web>
</configuration>

Of course replace the <allow /> and <deny /> with you own rules

回答3

You should add a web.config file to said folder and put an <authorization> tag in the file, as described here.