Friday, December 2, 2016

Block access to a specific folder in your ASP.NET MVC website

One way to block access to a specific folder in your ASP.NET MVC website is by combining the <location> with an <authorization> section inside your web.config:

In fact this is not the best approach as it is possible that this configuration is not applied when the ASP.NET pipeline is not invoked.

A better approach is to block the access at the IIS level by using the following configuration inside your web.config:

No comments: