ASP.net Disallow Direct Access to Admin Directory

Question

We have a directory named Admin in the root folder of an ASP.net (4.0) web application.

I have created a route to the Admin/Dashboard.aspx

~/administrator/dashboard/

and it works fine.

I was curious if I could disallow to run the file through direct access, even to the administrators.

~/Admin/Dashboard.aspx

Is it doable?

Please help.

score 1 · Accepted Answer · answered Dec 01 '11 at 10:37

1

You can do with some web.config setting like below

<location path="~/Admin/Dashboard.aspx">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

answered Dec 01 '11 at 10:37

Arun Rana

8,426
14
67
107

I want to disallow access to the file completely via direct access. Does this hurt the route? – Nancy Dec 01 '11 at 10:39
@Nancy Are you using MVC architecture ? if yes then look out this link http://stackoverflow.com/questions/1370315/asp-net-mvc-restricting-access-using-url if no then http://stackoverflow.com/questions/405394/using-routing-without-mvc-authentication-form – Arun Rana Dec 01 '11 at 10:55
Then you can refer my 2nd link – Arun Rana Dec 01 '11 at 11:16

score 0 · Answer 2 · answered Dec 01 '11 at 10:43

Create a local web.config in the Admin folder and create an authorization rule inside the config file:

<configuration>
   <system.web>
      <allow ...
      <deny ...
   </system.web>
</configuration>

where allow and deny should be tuned to serve your needs. In particular, deny users="*" will forbid everyone from accessing your page.

ASP.net Disallow Direct Access to Admin Directory

2 Answers2