Hi,
Im working with asp.net 2.0, and i have a folder into my application path ~/Data/ with some .mdb files.
I would like to protect this folder from external request like http://www.whatever.com/Data/whatever.mdb
But i would need to give any permission to my application, cause im using OleDBConnections agains the ~/Data/ Path.
What could be the best way to protect this folder?
Kind Regards. Josema.
In IIS manager and remove at least anonymous access if not all access. Your application code can continue to use its contents but HTTP requests can not access it.
If possible in your situation, another option would be to place the mdb files outside of the website. For example, something like this directory structure:
/ MyProject
/ Data - whatever.mdb / www - Default.aspx
where www is the actual root of your website. That way, users will never be able to access the mdb files from the browser, while you can still use OleDBConnections against the mdb files. To my knowledge this is pretty secure, and this way you can't accidentily forget to disallow access in IIS.