Ignoring a route in ASP.NET MVC

Question

I am just learning to work with routing in ASP.NET MVC and am trying to understand the IgnoreRoute method.

I am trying to prevent users from accessing "Content/{filename}.html". I have placed this as the first call in my RegisterRoutes method. Here is my code:

public static void RegisterRoutes(RouteCollection routes)
{
    routes.IgnoreRoute("Content/{filename}.html");
    routes.IgnoreRoute("{resource}.axd/{*pathInfo}");


    routes.MapRoute("MyRoute", "{controller}/{action}/{id}/{*catchall}",
                    new { controller = "Home", action = "Index", id = UrlParameter.Optional },
                    new { controller = "^.*", action = "^Index$|^About$" },
                    new[] { "UrlsAndRoutes.AditionalControllers" });
    routes.MapRoute("MyRoute2", "{controller}/{action}/{id}/{*catchall}",
                   new { controller = "Home", action = "Index", id = UrlParameter.Optional },
                    new { controller = "^.*", action = "^Index$|^About$" },
                   new[] { "UrlsAndRoutes.Controllers" });
    routes.MapRoute("ShopSchema2", "Shop/OldAction", new { controller = "Home", action = "Index" });
    routes.MapRoute("ShopSchema", "Shop/{action}", new { controller = "Home" });
    routes.MapRoute("", "X{controller}/{action}");

    routes.MapRoute(
       name: "",
       url: "{controller}/{action}",
       defaults: new { controller = "Home", action = "Index" }
   );
}

If I try to access a link like localhost:53907/Content/Static.html, it should not allow me to display the file from what I understand so far, but it does display it.

What am I doing wrong?

Answer 1

Ignoring routes in MVC will tell the MVC framework not to pick up those URLs.

This means that it will let the underlying ASP.NET handle the request, which will happily show you a static file.

Answer 2

If you really want to block access to that folder, why not define it in web.config?

Place a web.config in that folder.

The contents should be:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <authorization>
          <!-- <allow roles="admin" /> --> //In case you want to give access to admin only.
          <deny users ="*" />
        </authorization>
    </system.web>
</configuration>