authentication - Can I use wildcards in the web.config location path attribute?

Question

Welcome To Ask or Share your Answers For Others

authentication - Can I use wildcards in the web.config location path attribute?

posted Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

authentication - Can I use wildcards in the web.config location path attribute?

In IIS 7 I try to deny access to all files with the extension .xml for all users.

I tried the following setting in my web.config file:

<location path="*.xml">
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
</location>

But then getting any file results in an internal server error.

It works if I deny access to the individual files but this solution does not buy me much as I do not know all .xml files in advance.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-23T20:00:55+0000

Try this:

<configuration>
    <system.web>
        <httpHandlers>
            <add path="*.xml" verb="*" 
             type="System.Web.HttpNotFoundHandler" />
        </httpHandlers>
    </system.web>
</configuration>

By the way you could alternatively store all of your xml files within the App_Data directory. Storing files of any type in this directory will not be served to the web.

Categories

authentication - Can I use wildcards in the web.config location path attribute?

authentication - Can I use wildcards in the web.config location path attribute?

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags