如何拒绝用户访问子文件夹和文件? [英] how to deny user to access sub folders and file?

问题描述

在本地计算机上，我在mvc4(剃刀)上创建了示例项目，并创建了名为"x"的目录，并在其中放置了文本文件"a.txt".

on local machine ,i created sample project on mvc4 (razor) and create directory named "x" and put a text file "a.txt" in it.

http://localhost:64471/x/a.txt

在我的Web配置中，我拒绝所有用户通过此配置访问"x"文件夹:

in my web config i deny all user to access to "x" folder by this config:

<location path="x">
<system.web>
  <authorization>
    <deny users="*"/>
  </authorization>
</system.web>

现在，如果用户发送此请求:

Now if user send this request :

http://localhost:64471/x/ 

它可以工作，并将用户返回到Web配置中的forms标记中定义的URL.

it works and return user to URL that defined in forms tag in web config.

但是当用户发送此请求时:

but when user send this request :

http://localhost:64471/x/a.txt

可以在浏览器中读取文本文件(浏览器显示文本文件的内容).

can read text file in browser(browser shows contents of text file).

我想知道如何拒绝用户访问"x"文件夹中的所有文件和子文件夹吗?

i want to know how to deny user to access all files and subfolders in "x" folder?

推荐答案

我在根web.config中使用 path ="x" 进行了测试.它限制了x文件夹下的所有内容；它甚至都不会让我浏览〜/x.我被重定向到登录页面.

I tested with path="x" in root web.config. It restrict everything under x folder; it won't even let me browse ~/x. I get redirected to login page.

您可以在根web.config中尝试这样的a.txt的完整路径吗?

Could you try full path to a.txt like this in root web.config?

<location path="x/a.txt">
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

如果仍然无法使用，您可以尝试在x文件夹中创建包含以下内容的web.config.

If it still doesn't work, you can try creating a web.config inside x folder with the following content.

<?xml version="1.0"?>
<configuration>

  <location path="a.txt">
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

</configuration>

这篇关于如何拒绝用户访问子文件夹和文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！