c# - Secured path/folder in web.config


I have created a safe path in my web-application.

As mentioned in this link:

When I use the following configuration to secure my files:

    <location path="secure">
      <system.web>
        <customErrors mode="RemoteOnly" redirectMode="ResponseRewrite" defaultRedirect="Error Error">
        </customErrors>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </location>

The following files cannot be accessed without logging in:

    My Host Link/secure/xyz/01.doc
    My Host Link/secure/xyz/01.docx
    My Host Link/secure/xyz/01.xls
    My Host Link/secure/xyz/01.xlsx

But the files below are still accessible without logging in:

    My Host Link/secure/xyz/01.pdf
    My Host Link/secure/xyz/01.txt
    My Host Link/secure/xyz/01.png

Any thoughts about such behavior? Why are files other than Office documents still accessible? I need to protect them.

While your web.config protects your web pages and some files, many other static files, like PDFs, are being served by IIS directly.

You can force these other static files to go through the ASP.NET pipeline by adding StaticFileHandler entries in the config.

    <system.webServer>
      <handlers>
        <add name="PDFHandler" type="System.Web.StaticFileHandler" path="*.pdf" verb="GET" />
        <add name="PNGHandler" type="System.Web.StaticFileHandler" path="*.png" verb="GET" />
        <add name="TXTHandler" type="System.Web.StaticFileHandler" path="*.txt" verb="GET" />
      </handlers>
    </system.webServer>

I think you already have something similar for your Office document types, either in web.config or in IIS.
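
A static check for the gap described in the answer, as an added example (not code from the question or the answer): it parses a web.config, finds `<location>` paths that deny anonymous users, and flags URLs whose extension is not mapped to a managed handler. The function names and the sample config are constructed; it assumes IIS integrated mode and reads only this one file, so handler mappings inherited from IIS itself are not seen.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's <location> rule plus two of the answer's
# handler entries; *.png is deliberately left unmapped.
SAMPLE_CONFIG = """<configuration>
  <location path="secure">
    <system.web><authorization><deny users="?" /></authorization></system.web>
  </location>
  <system.webServer>
    <handlers>
      <add name="PDFHandler" type="System.Web.StaticFileHandler" path="*.pdf" verb="GET" />
      <add name="TXTHandler" type="System.Web.StaticFileHandler" path="*.txt" verb="GET" />
    </handlers>
  </system.webServer>
</configuration>"""

def protected_paths(root):
    """<location> paths whose system.web authorization denies anonymous ("?") users."""
    return [loc.get("path", "").strip("/").lower() for loc in root.iter("location")
            if any("?" in [u.strip() for u in d.get("users", "").split(",")]
                   for d in loc.findall("./system.web/authorization/deny"))]

def managed_extensions(root):
    """Extensions routed to a managed handler; "*" means every request is."""
    exts = set()
    modules = root.find("./system.webServer/modules")
    if modules is not None and modules.get("runAllManagedModulesForAllRequests", "").lower() == "true":
        exts.add("*")
    for add in root.findall("./system.webServer/handlers/add"):
        if add.get("type"):  # a type attribute marks a managed (.NET) handler
            for pattern in add.get("path", "").lower().split(","):
                pattern = pattern.strip()
                if pattern == "*" or pattern.startswith("*."):
                    exts.add(pattern.lstrip("*") or "*")
    return exts

def unprotected(config_xml, urls):
    """URLs under a protected path that would bypass ASP.NET URL authorization."""
    root = ET.fromstring(config_xml)
    paths, exts = protected_paths(root), managed_extensions(root)
    flagged = []
    for url in urls:
        path = url.strip("/").lower()
        name = path.rsplit("/", 1)[-1]
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        under = any(path.startswith(p + "/") for p in paths)
        # Extensionless URLs are skipped: they are usually routed, not static files.
        if under and ext and "*" not in exts and ext not in exts:
            flagged.append(url)
    return flagged
```

Anything it flags should also be requested once without a session on a test deployment, because the effective handler list depends on server-level configuration this script cannot read.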

