0

I am trying to deny access to folder in asp.net server, i put this web.config file inside the folder and still, I have access to filed in it, what shoul I do?

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <authorization>
      <deny users ="*" />
    </authorization>
  </system.web>
</configuration>

Other problem that I had is to create new directory inside the folder I am trying to deny using the server dynamicly, how to do it? There is a way create a folder in asp.net server without ftp? I tried to use 

Directory.CreateDirectory(Server.MapPath("~") + "newFolder");

but without success..

Keith
  • 20,636
  • 11
  • 84
  • 125
Sagi Gamil
  • 7
  • 1
  • When compile path names, you should always use `Path.Combine(Server.MapPath("~"), "newFolder")`. This handles the trailing/non-trainling slashes. – John Jan 04 '15 at 11:58
  • The access part of your question is duplicate to http://stackoverflow.com/questions/5706553/how-to-deny-access-to-folder-or-file – John Jan 04 '15 at 11:59

1 Answers1

1

To deny access you can add this to the web.config file in your main folder:

<location path="folder_name_goes_here">
  <system.web>
    <authorization>
      <allow users="admin_1"/>
      <allow users="admin_2"/>
      <deny users="*"/>
    </authorization>
  </system.web>      
</location>

To create a folder try to add "\" between the MapPath and your folder :

 Directory.CreateDirectory(Server.MapPath("~") + "\\newFolder");
User
  • 276
  • 1
  • 6
  • How to authorize myself as "admin_1"? Where I config my passwords? – Sagi Gamil Jan 07 '15 at 06:08
  • @SagiGamil, From your login page, where you authenticate your users, after you checked their user name and password you send the user using System.Web.Security.FormsAuthentication.RedirectFromLoginPage(user_name, false); You can find more details here: http://msdn.microsoft.com/en-us/library/system.web.ui.page.user(v=vs.110).aspx – User Jan 07 '15 at 17:25