Introduction
We all know that XML is a standard format most of the sites use for managing content. Most of the sites use xml for storing data and use XSL and other stylesheets for displaying the data.
The XML files can be browsed as well as a standard web page and the XML format is rendered in the browser.
However, if we would like to deny users from viewing our xml format and data by directly browsing the xml file, we can use the HTTP Handlers effectively.
HTTP Handlers
The HTTP Handlers provide the flexibility to handle different extensions on how they are rendered and to deny access to them.
To deny access to an xml or other static file, the following steps would help
1. Add the following code to your web.config file within the <system.web> & </system.web> tags.
<httpHandlers>
<add verb="*" path="*.xml" type="System.Web.HttpForbiddenHandler"/>
</httpHandlers>
2. In the IIS, right click on your virtual directory and then click properties.
3. Click on the Configuration Button.
4. There will be a list of extensions and the executable paths.
5. Click "Add" and then in the dialog box which opens, browse the location
%windir%\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll in the "Executable" box
6. Enter the extension i.e. .xml for xml files in the textbox "Extension"
7. In the "Verbs" radio button, click on "Limit to" and enter "GET,HEAD,POST,DEBUG"
8. Cick "Ok" then click "Apply" and then "Ok" two times.
9. Now if you try to browse the xml file within that application, you will a "This type of page is not served".
10. The same can be accomplished at the system level by adding the Handlers in the machine.config's http handler section. That will apply for all the asp.net applications running on that system.
Summary
This method is useful when we want to restrict access for certain static files like the above example
|
No responses found. Be the first to respond and make money from revenue sharing program.
|