appsettings.json受IIS保护吗？ [英] Is appsettings.json protected by IIS?

问题描述

在旧版ASP.NET应用程序中，通过导航到URL， * .config 文件无法下载。但新约定是使用 appsettings.json 。现在，如果我有一个名为 contoso.com 的ASP.NET核心网站，它由IIS从名为 C：\inetpub \的目录提供服务sites\contoso.com ，并且文件位于 C：\inetpub \websites\contoso.com \ appsettings.json ...如果有人导航到 https：//，IIS是否足够聪明，知道不通过HTTP提供此文件contoso.com/appsettings.json ？

In legacy ASP.NET applications, *.config files cannot be downloaded by navigating to the URL. But the new convention is to use appsettings.json. Now, if I have a ASP.NET Core website called contoso.com and it's served by IIS from a directory called C:\inetpub\websites\contoso.com, and there is a file located at C:\inetpub\websites\contoso.com\appsettings.json... Is IIS smart enough to know not to serve this file over HTTP if someone navigates to https://contoso.com/appsettings.json?

推荐答案

文件通常从wwwroot文件夹提供。只要您尚未将 C：\inetpub\websites\contoso.com \ 配置为您应用的Web根目录，appsettings.json文件就是安全的。默认情况下，静态文件位于 C：\inetpub\websites\contoso.com \ www.root \ 中。我推荐这个优秀的文档： https://docs.microsoft.com / en-us / aspnet / core / fundamentals / static-files

Files are normally served from the "wwwroot" folder. The appsettings.json file is safe as long as you haven't configured C:\inetpub\websites\contoso.com\ to be your app's web root. By default, static files are found in C:\inetpub\websites\contoso.com\wwwroot\. I recommend this excellent doc: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/static-files

顺便说一句，除非另有配置，否则IIS甚至不会检查文件系统。实际上，ASP.NET Core将确保文件仅从wwwroot文件夹提供。 IIS中典型的ASP.NET Core 网站实际上作为单独的Web服务器运行，IIS通过ASP.NET核心模块反向代理。这意味着所有请求都由ASP.NET Core处理。要提供静态文件，您必须使用Microsoft.AspNetCore.StaticFiles包中提供的静态文件中间件。

By the way, unless configured otherwise, IIS doesn't even check the filesystem. It is actually ASP.NET Core that is going to ensure files are only served from the "wwwroot" folder. A typical ASP.NET Core website in IIS is actually running as a separate web server which IIS reverse proxies to via the ASP.NET Core Module. This means all requests are handled by ASP.NET Core. To serve static files, you have to use the static files middleware, which is available in the Microsoft.AspNetCore.StaticFiles package.

这篇关于appsettings.json受IIS保护吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！