locked
Custom Error when an authorized user tries to access a folder RRS feed

  • Question

  • User-614943948 posted

    I have created an ASP.NET application, like this.

    www.mywebsite.com/management/list.aspx
    www.mywebsite.com/Organization/Users.aspx 

    Simple example that the management and organization folder can contain multiple webpages and multiple sub folders.

    1. I want to hide the extension name of every page
      2. Whenever a user tries to access any of these folders or sub folders it should it shouldn't allow the user to access it and lead to custom error page.

    How can I accomplish this

    Friday, February 5, 2021 12:33 PM

All replies

  • User-939850651 posted

    Hi maverick786us,

    I want to hide the extension name of every page

    If you don't want to display the suffix of the page in the address bar, you can try to use the url rewriting module. Before that, you need to have downloaded and installed the module in the IIS Manager.

    In web.config, you could add these code:

    <system.webServer>
        <rewrite>
            <rules>
                <rule name="RewriteASPX">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAll">
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="{R:1}.aspx" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>

    This is document: https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module

    Whenever a user tries to access any of these folders or sub folders it should it shouldn't allow the user to access it and lead to custom error page.

    If you want to configure a custom error page for user requests, you can use try...catch to catch exceptions and configure the corresponding customErrors in Web.config.

    Please refer to this document:

    https://docs.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-getting-started/deploying-web-site-projects/displaying-a-custom-error-page-cs

    Best regards,

    Xudong Peng

    Tuesday, February 9, 2021 7:20 AM
  • User-614943948 posted

    Thanks Xudong .

    Custom Error is my second priority. My first priority is folder access, within the web application. It shouldn't allow any user to access it. For example

    https://mywebsite.com/folder/subfolder/index.aspz

    Now if some user access my website. and tries something like this.

    https://mywebsite.com/folder/subfolder/
    https://mywebsite.com/folder/

    It should open a custom error page. Also my purpose of hiding the extension name is to encapsulate the user if the application is made in ASP.NET or PHP. Take an example of this forum. None of these pages show the extension name aspx i am looking something similar to this.
     

    Tuesday, February 9, 2021 9:11 AM
  • User-939850651 posted

    Hi maverick786us,

    Custom Error is my second priority. My first priority is folder access, within the web application. It shouldn't allow any user to access it. For example

    If you want to reject requests for these folders, you can configure the <system.webServer> related settings in web.Config, the <hiddenSegments> element contains a collection of <add> elements that identify certain URLs IIS 7 will make inaccessible to clients.

    For more details, you could refer to this document:

    https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/hiddensegments/

    Best regards,

    Xudong Peng

    Wednesday, February 10, 2021 2:33 AM