How to restrict folder access in asp.net

Question

How to restrict folder access in asp.net like I don\'t want any other to see my Uploads folder in browser by link http://www.example.com/Uploads

Answer 1

You can manage folder browsing in IIS settings.,

• Open IIS Manager and navigate to the folder you want to manage.

• In Features View, double-click Directory Browsing.

• In the Actions pane, click Enable/Disable.

This is for IIS7.

you can also use commandline for this.

 appcmd set config /section:directoryBrowse /enabled:true|false

Hope this helps...
Happy Programming,

Answer 2

You can do like @klausbyskov mentions, to add <authorization />'s to the root web.config, like:

<location path="Admin">
    <system.web>
        <authorization>
            <allow roles="Administrator"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

or you can add a web.config to the folder where you want to allow/deny access with the following content:

<?xml version="1.0"?>
<configuration>
    <system.web>
        <authorization>
            <allow roles="Administrator"/>
            <deny users="*" />              
        </authorization>
    </system.web>
</configuration>

Of course replace the <allow /> and <deny /> with you own rules

Answer 3

For the future generation the answer which works for me is to use hidden segments.

If you want to secure e.g. Uploads folder go to your root Web.config and add into <system.webServer> following element:

<security>
  <requestFiltering>
    <hiddenSegments>
      <add segment="Uploads"/>
    </hiddenSegments>
  </requestFiltering>
</security>

This will prevent all users from direct access to Uploads folder and its content.

Answer 4

You should add a web.config file to said folder and put an <authorization> tag in the file, as described here.