什么取代了IIS / ASP.NET网站的.htaccess？ [英] What replaces .htaccess on IIS/ASP.NET sites?

问题描述

在阿帕奇/ PHP的网站，如果我想要把一个文件灵敏我的网站文件夹中，我把.htaccess文件夹中，因此用户无法下载机密文件。

On Apache/PHP sites if I want to put a senstive file within my website folders, I put a .htaccess file in that folder so users can't download the sensitive file.

是否有IIS / ASP.NET网站后，即有类似的做法，如果我有一个共享的托管帐户，但没有访问IIS服务器。我可以举例来说做到这一点在web.config中？

Is there a similar practice for IIS/ASP.NET sites, i.e. if I have a shared hosting account and don't have access to IIS server. Can I do this in web.config for instance?

例如。该ASPNETDB.MDF文件ASP.NET配置放在App_Data目录。我以为这是默认保护，但我在哪里可以更改该文件夹的设置，我可以用一个.htaccess文件？

e.g. the ASPNETDB.MDF file that ASP.NET Configuration put in the App_Data directory. I would assume this is protected by default but where can I change the settings for this folder as I could with a .htaccess file?

推荐答案

在一个ASP.Net的web.config，你可以设置位置，以增加安全到特定的文件和文件夹。此外，你可以从这些目录中删除所有的动词：

Inside of an ASP.Net web.config you can setup locations to add security to specific files and folders. In addition, you can remove all verbs from those directories:

<location path="Secret" allowOverride="false">
  <system.web>
    <authorization>
      <deny users="*" />
    </authorization>
    <httpHandlers>
      <remove path="*.*" verb="*"/>
    </httpHandlers>
  </system.web>
</location>

我只用了段的授权部分，它的伟大工程。处理程序应进​​一步锁定下来，并使用ISAPI筛选器将能够把收尾就可以了。

I have only used the authorization portion of that snippet and it works great. The handler should further lock it down and using a ISAPI filter would be able to put the finishing touches on it.

这篇关于什么取代了IIS / ASP.NET网站的.htaccess？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！