什么取代了IIS / ASP.NET网站的.htaccess?
在阿帕奇/ PHP的网站,如果我想要把一个文件灵敏我的网站文件夹中,我把.htaccess文件夹中,因此用户无法下载机密文件。
On Apache/PHP sites if I want to put a senstive file within my website folders, I put a .htaccess file in that folder so users can't download the sensitive file.
是否有IIS / ASP.NET网站后,即有类似的做法,如果我有一个共享的托管帐户,但没有访问IIS服务器。我可以举例来说做到这一点在web.config中?
Is there a similar practice for IIS/ASP.NET sites, i.e. if I have a shared hosting account and don't have access to IIS server. Can I do this in web.config for instance?
例如。该ASPNETDB.MDF文件ASP.NET配置放在App_Data目录。我以为这是默认保护,但我在哪里可以更改该文件夹的设置,我可以用一个.htaccess文件?
e.g. the ASPNETDB.MDF file that ASP.NET Configuration put in the App_Data directory. I would assume this is protected by default but where can I change the settings for this folder as I could with a .htaccess file?
在一个ASP.Net的web.config,你可以设置位置,以增加安全到特定的文件和文件夹。此外,你可以从这些目录中删除所有的动词:
Inside of an ASP.Net web.config you can setup locations to add security to specific files and folders. In addition, you can remove all verbs from those directories:
<location path="Secret" allowOverride="false">
<system.web>
<authorization>
<deny users="*" />
</authorization>
<httpHandlers>
<remove path="*.*" verb="*"/>
</httpHandlers>
</system.web>
</location>
我只用了段的授权部分,它的伟大工程。处理程序应进一步锁定下来,并使用ISAPI筛选器将能够把收尾就可以了。
I have only used the authorization portion of that snippet and it works great. The handler should further lock it down and using a ISAPI filter would be able to put the finishing touches on it.