tags:

views:

92

answers:

3
+1  Q: 

How can I make www.mywebapp.com/bin return a 404 in ASP.NET MVC?

I'm using ASP.NET MVC to develop a web application, deploying to IIS 7. I've hidden my Files and Views directories with web.config files in those directories (they just return a normal 404).

However, I haven't been able to get the web.config method to work in hiding my bin directory. When I access www.mywebapp.com/bin, I instead get a too-revealing page with this message:

HTTP Error 404.8 - Not Found

The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section.

The page reveals part of my directory structure. I just want it to return my 404 page like the Files and Views directories do. How can I get this behavior?

+1  A: 

A better bet would be to handle both 404 and 404.8 errors with the same, more user-friendly, error page that doesn't reveal the precise error code. You would also probably want to handle 403 errors (and probably some others that will be suggested by other SO users) in the same way.

For this, you need to use the <customErrors /> element in the web.config.

David M  2010-01-06 19:36:25
A: 

I have put in my error handling for pathing issues within my global.asax. I then check to see what the error was, in your case 404, and if it's a 404 I redirect them to /Home/Index.

If it's another error I direct to my error controller and handle the error there.

I hope this helps you. If you want code let me know.

griegs  2010-01-06 22:43:49
+1  A: 

I was able to solve this problem by adding a small web.config file in my ~/Files directory that rebuffs all attempts at exploration through the web. The web.config is very similar to what ASP.NET MVC puts in the Views directory by default:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <httpHandlers>
      <add path="*" verb="*" type="System.Web.HttpNotFoundHandler"/>
    </httpHandlers>
  </system.web>

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <handlers>
      <remove name="BlockViewHandler"/>
      <add name="BlockViewHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler"/>
    </handlers>
  </system.webServer>
</configuration>
Freewalker  2010-03-24 00:11:35

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data