如何拒绝用户访问子文件夹和文件? [英] how to deny user to access sub folders and file?
问题描述
在本地计算机上,我在mvc4(剃刀)上创建了示例项目,并创建了名为"x"的目录,并在其中放置了文本文件"a.txt".
on local machine ,i created sample project on mvc4 (razor) and create directory named "x" and put a text file "a.txt" in it.
http://localhost:64471/x/a.txt
在我的Web配置中,我拒绝所有用户通过此配置访问"x"文件夹:
in my web config i deny all user to access to "x" folder by this config:
<location path="x">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
现在,如果用户发送此请求:
Now if user send this request :
http://localhost:64471/x/
它可以工作,并将用户返回到Web配置中的forms标记中定义的URL.
it works and return user to URL that defined in forms tag in web config.
但是当用户发送此请求时:
but when user send this request :
http://localhost:64471/x/a.txt
可以在浏览器中读取文本文件(浏览器显示文本文件的内容).
can read text file in browser(browser shows contents of text file).
我想知道如何拒绝用户访问"x"文件夹中的所有文件和子文件夹吗?
i want to know how to deny user to access all files and subfolders in "x" folder?
推荐答案
我在根web.config中使用 path ="x"
进行了测试.它限制了x文件夹下的所有内容;它甚至都不会让我浏览〜/x.我被重定向到登录页面.
I tested with path="x"
in root web.config. It restrict everything under x folder; it won't even let me browse ~/x. I get redirected to login page.
您可以在根web.config中尝试这样的a.txt的完整路径吗?
Could you try full path to a.txt like this in root web.config?
<location path="x/a.txt">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
如果仍然无法使用,您可以尝试在x文件夹中创建包含以下内容的web.config.
If it still doesn't work, you can try creating a web.config inside x folder with the following content.
<?xml version="1.0"?>
<configuration>
<location path="a.txt">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
这篇关于如何拒绝用户访问子文件夹和文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!