Directory browsing stops working in App_Data directory

Question

Question:

In my ASP.NET web solution, I have a directory called redlines.

Into it, I put this web.config, to make the directory browsable.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <directoryBrowse enabled="true" />
    </system.webServer>
</configuration>

Now it works fine. But when I move the entire redlines directory into App_Data, wanting to browser the folder redlines, I get HTTP 403.

I copy the same web.config into App_Data, because I thought that might help, but it didn't.

What's the problem ? (IIS development server, Visual Studio 2010)

Answer 1

App_Data is a protected folder, you cannot access it via the url. This is baked into the ASP.NET system, I don't know if you can override it? Its the same if you try to download some other reserved files such as web.config.

The App_Data folder is designed to store your sensitive data in it. You can use a HttpHandler to serve up files if you want to give files out that live in there.

Answer 2

App_Data is a hidden folder. Therefore, anything in it will be hidden. If you look in the Request Filtering control panel in IIS Manager, either for the site or the root, you'll see what file extensions & directories are blocked.

It is most definitely not recommened that you change anything in there. It's set like that to protect your app.

If you can accept the risk, then go ahead, otherwise look into another solution. like putting the folder in a different location or creating something to read/write from the folder.

Simon