Disabling direct HTTP access to certain folders on server

[Vikas]

Hi
I am using .Net Framework 1.1. There are some XSL files in a folder of my
web application. I want to restrict a user from directly accessing these
files - e.g. I want to display a forbidden page when he types the URL
http://Myserver.com/MyApp/XMLFolder/pqr.xsl

However the ASP.Net application should be able to access these files i.e. it
should be able to apply the XSL Stylesheets to the corresponding XML files.
It would be a great help if someone could let me know how to do the same
Thanks
Vikas

 

[Dominick Baier [DevelopMentor]]

Hi,

find more info here:

http://www.leastprivilege.com/ProtectingNonASPNETResourcesWithASPNET20.aspx
http://www.leastprivilege.com/MoreOnProtectingStaticResourcesWithASPNET20.aspx

in your case you only have to map the .xsl extension in iis to aspnet_isapi
and put a HttpNotFoundHandler in place...

 

[Vikas]

Hi Dominick
I tried that - but the problem is that this prevents the xsl file being
applied to the corresponding xml file.
Actually, let me clarify. There is a static aspx page, which contains an
iframe that hosts the xml. The xsl is applied to this xml.
If I apply an HttpForbiddenHandler to xsl files, the stylesheet doesnt get
applied at all and the frame displays "Cannot view XML input using XSL style
sheet".
Thanks in advance.
Vikas

 

[Dominick Baier [DevelopMentor]]

well - if you need to access the .xsl from "outside" the web server this
won't help you.