Hello, apologies if this has been touched upon before. I need to secure my website folders in the same manner that the APP_DATA folder is. I have tried to set up my live site in IIS and thought I had been successful, as I added the IP and URL to the binding, and if I hit browse in IIS it does indeed go to the correct URL. However, when I expand the live website in IIS Sites it shows the folders from my localhost. I added the deny unauthorized rule and sure enough it works on my http://localhost/xxxxx folder. I get the same message that I receive when trying to access my live APP_DATA folder, but not on the live folder. Can anyone tell me how to resolve this? Also, am I correct in saying, as seems validated by the addition of the deny rule, that the deny rule will trump the Allow All Users rule and therefore I do not need to remove the latter? Thanks.
If you want to set up folders with the same permissions as the App_Data folder, try looking at the RequestFiltering module. This has been delegated to the user level. This is a simpler and more efficient way to protect certain folders.

http://www.petefreitag.com/item/741.cfm
http://www.iis.net/ConfigReference/system.webServer/security/requestFiltering
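
One way to apply the request-filtering suggestion above and check it against the live site, as an added example that is not from either post. The site name `LiveSite`, the folder `private` and the test URL are placeholders; the script assumes the WebAdministration module and an elevated prompt on the IIS server.

```powershell
# Added example: hide a folder with Request Filtering hiddenSegments,
# the same mechanism IIS uses by default for App_Data.
# Placeholders (not from the thread): LiveSite, private, live.example.
Import-Module WebAdministration

$SiteName = 'LiveSite'                                 # placeholder IIS site name
$Segment  = 'private'                                  # placeholder folder to hide
$TestUrl  = 'http://live.example/private/test.txt'     # placeholder URL on the live binding
$SitePath = "IIS:\Sites\$SiteName"
$Filter   = 'system.webServer/security/requestFiltering/hiddenSegments'

# 1. Show which directory the site really serves. If this is the localhost
#    folder, rules are being written against the wrong content.
$site = Get-Item $SitePath
'{0} serves content from {1}' -f $SiteName, $site.physicalPath

# 2. Add the segment only if it is not already present (including entries
#    inherited from the server level); a duplicate <add> is a config error.
$existing = Get-WebConfiguration -PSPath $SitePath -Filter "$Filter/add[@segment='$Segment']"
if (-not $existing) {
    Add-WebConfigurationProperty -PSPath $SitePath -Filter $Filter `
        -Name '.' -Value @{ segment = $Segment }
}

# 3. Request a file under the hidden folder through the live binding.
#    Request Filtering answers 404 (logged as substatus 8 in the IIS log).
try {
    $status = [int](Invoke-WebRequest -Uri $TestUrl -UseBasicParsing).StatusCode
} catch {
    # Non-2xx responses surface as exceptions that carry the response.
    $status = [int]$_.Exception.Response.StatusCode
}

if ($status -eq 404) {
    "OK: /$Segment is hidden on $SiteName (HTTP 404)"
} else {
    Write-Warning "/$Segment returned HTTP $status; check the site's physical path and bindings."
}
```

The setting is written to the `web.config` in the site's physical path, so step 1 also tells you which file ends up carrying the rule.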