了解ASP.NET应用程序文件夹
ASP.NET中的应用程序文件夹用于存储对运行网站至关重要的各种元素。我想更深入地理解这些文件夹,特别是文件夹可访问性。根据有关 ASP.NET网站布局的文章:
The application folders in ASP.NET are used for storing various elements critical to running a website. I want to get a handle on understanding these folders in more depth, specifically the folder accessibility. According to the article on ASP.NET Web Site Layout:
除了App_Themes文件夹之外,应用程序文件夹的内容
是
,不响应Web
请求,但可以从
应用程序代码访问。
The content of application folders, except for the App_Themes folder, is not served in response to Web requests, but it can be accessed from application code.
对这些文件夹的任何浏览器请求都会产生404 - 找不到网页。
Any browser request to these folders results in a "404 - Page Not Found."
那么是什么阻止像 App_Code
, App_Data
这样的文件夹, App_WebReferences
, bin
等是否可以提供给用户?它是一个IIS硬编码不提供此文件夹吗?它是权限配置吗?无论如何有意/无意地绕过这个?
So what prevents folders like App_Code
, App_Data
, App_WebReferences
, bin
, etc. from being served to users? Is it an IIS hard coded "don't serve this folder?" Is it a permissions configuration? And is there anyway to knowingly/unknowingly circumvent this?
在我的IIS7.5配置上,在C:\ Windows中找到\ System32 \inetsrv\config \ applicationHost.config有这一部分:
On my IIS7.5 config, found at C:\Windows\System32\inetsrv\config\applicationHost.config there is this section:
<hiddenSegments applyToWebDAV="true">
<add segment="web.config" />
<add segment="bin" />
<add segment="App_code" />
<add segment="App_GlobalResources" />
<add segment="App_LocalResources" />
<add segment="App_WebReferences" />
<add segment="App_Data" />
<add segment="App_Browsers" />
</hiddenSegments>