ASP.Net Hidden File Type Restricted File Types

ASP.Net stops you from requesting certain file types and authomatically provides a certain level of security to your configuration and source code files. This is accomplished by registering the file types with IIS and are assigned to HttpForbidderHandler class. This class has the role to simply deny all the requests it receives.

Thus ASP.Net blocks access to Visual Studio project files, Source Code files and some other resources like:

.cs file (C# files)
.vb file (VB.Net files)
.config file (configuration files like web.config file)
.ascx file (ASP.Net user controls)
.vbproj file (VB.Net project file)
.csproj file (C# Project file)
.asax file (Global.asax file containing global.asax events)
.resx file (resource file format consisting of XML entries)
.resources file (specifically designed to create .resources files)

For further details your can refer to web.config.default file in

c:\Windows\Microsoft.NET\Framework\v2.0.50727\Config folder

and find the text

TechDiag-A Technical Diagnostic

Saturday, July 30, 2011

ASP.Net Restricted File Types

ASP.Net Hidden File Type Restricted File Types

c:\Windows\Microsoft.NET\Framework\v2.0.50727\Config folder

System.Web.HttpForbiddenHandler

No comments:

Post a Comment