If I use an URL like http://mysite/myfolder/myfile.dll, I get a dialog "Do you want to open or save this file". Of course, I don't want people to be able to download and disassembly our dll's. How can I deny people accessing such files directly ?
+1
A:
The short answer is that there should be no files which you don't want to serve underneath the web root.
I don't personally know IIS 6 or 7, but under Apache, a directory is designated as the web root, e.g. \site\htdocs, and nothing above it is accessible to the outside. If you keep your DLL files out of that hierarchy, then they are inaccessible.
Julian
2009-01-06 13:04:26
Unfortunately, this is not quite compatible with the way ASP.NET works. (but it wasn't me who downvoted you)
DrJokepu
2009-01-06 13:13:33
@DrJopeku - that doesn't stop juliannicholls's "short answer" sentence from being 100% on the money ;-)
Graham Lee
2009-01-06 14:06:39
@graham lee - not true in asp.net
Shawn Simon
2009-01-07 19:29:17
+4
A:
Usually this is disallowed by default. If you go into the IIS manager and edit the website, you need to uncheck 'script source access.' DLL should also be on the list of forbidden file extensions.
Shawn Simon
2009-01-06 13:08:25
A:
Denying all dll's is drastic in an asp.net site, as Silverlight etc use client dll's that need to be available for download by the client browser.
You could use IIS Management Console or Management API's to disable authentication on the dll's file or directory.
Simply uncheck all authentication options and access will be denied.
Kimoz
2009-01-06 14:30:52