What I am trying to deny users to access to static folder:
<location path="log4">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
But this fails.
I found this Q&A for my question:
First answer is solution to my question:
<security>
<requestFiltering>
<hiddenSegments>
<add segment="Uploads"/>
</hiddenSegments>
</requestFiltering>
</security>
That's good.
But when I look closer to my web config, I have other sections that may restrict or allow users to access folder such as images or css, but below are not considered for input requests it allows any one access them.
<location path="images">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
In the same thread second most upvoted answer, I would exprect it works but not.
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>
This might be a solution to my second part of question:
<modules runAllManagedModulesForAllRequests="true"></modules>
However as noted here this cause performance issue.
Here is also mentioned set up handler for example .xml files but I need at folder level.
My question how to deny/allow access to static folder content with location path with out seting runAllManagedModulesForAllRequests to true.
My application works with form authentication and on applicaton pool .net 2.0 with integrated mode.
