问题
I have a MVC website, without authentication. In the website directory I have a folder \ProjectNotes which contains a file inside, Notes.txt. Neither this folder nor the text file are a part of the solution, but still get copied up on publish.
My problem is that using a web browser anybody can access mysite.com/ProjectNotes/Notes.txt and I cannot prevent it. I have tried adding a specific route to take the user to the error page (no effect) and in the web config I've tried but that didn't work either.
How can I prevent access to the Notes.txt file using the MVC framework?
回答1:
You should use Web.Config file for your case. Add to your root Web.Config file into <system.webServer> section:
<security>
<requestFiltering>
<hiddenSegments>
<add segment="ProjectNotes"/>
</hiddenSegments>
</requestFiltering>
</security>
Actually, your question has nothing with MVC, but with IIS restrictions (Or other web server restrictions but I assume you using IIS)
来源:https://stackoverflow.com/questions/36425635/mvc-website-how-to-prevent-access-to-static-files