views:

655

answers:

2

I have in my web application an ADO.NET Entity-Framework *.edmx file.

When I browse in the browser (when the application is running) to an edmx file, it doesn't show the error page like when browsing to a *.cs or vb file, it opens the edmx and shows my model scheme to all the users!!!

How can I avoid that.

+6  A: 

You should map the extension to the ASP.NET's System.Web.HttpForbiddenHandler class in web.config. If you are using IIS6, before you could do that, you should have mapped the extension to ASP.NET ISAPI handler.

IIS7 Integrated Mode:

<system.webServer>
    <handlers>
        <add name="MyForbiddenExtensionHandler" 
             path="*.edmx" 
             verb="*" 
             type="System.Web.HttpForbiddenHandler" 
             preCondition="integratedMode" />
    </handlers>
</system.webServer>

IIS7 Classic Mode. Something like:

<system.web>
  <httpHandlers>
     <add path="*.edmx" 
         verb="*" 
         type="System.Web.HttpForbiddenHandler, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </httpHandlers>
</system.web>
<system.webServer>
  <handlers>
     <add name="MyExtensionISAPI" 
         path="*.edmx" 
         verb="*" 
         modules="IsapiModule" 
         scriptProcessor="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv2.0,bitness64" />
  </handlers>
</system.webServer>

IIS6 (after mapping the handler to aspnet_isapi.dll in IIS6 configuration):

<system.web>
  <httpHandlers>
     <add path="*.edmx" 
         verb="*" 
         type="System.Web.HttpForbiddenHandler, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </httpHandlers>
</system.web>
Mehrdad Afshari
type="System.Web.HttpForbiddenHandler, System.Web"System.Web at the end, threw an error. should be just type="System.Web.HttpForbiddenHandler".
Shimmy
Updated the answer with the full name of System.Web assembly to make it foolproof. I prefer to specify the name of the assembly to prevent it to be accidentally loaded from another assembly if it contains a type with the same name.
Mehrdad Afshari
+4  A: 

You can do this two ways; firstly in the web.config or secondly in IIS

<system.web>
    <httpHandlers>
        <add verb="*" path="*.edmx" type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>
</system.web>

Here's a link to a microsoft support page that details how to do it in the web config and IIS.

http://support.microsoft.com/kb/815152

David Liddle