Ehsan Ghanbari

Experience, DotNet, Solutions

Disable directory browsing in asp.net core

In asp.net applications, directory browsing has enabled some versions and you let the users see all of the content and structure of your application like the picture below:

To the best of my knowledge, in order to disable the directory browsing, there are two ways: by web.config and IIS. In web.config file you just need to add the following piece of code:

 

    <system.webServer>
      <directoryBrowse enabled="false" />
    </system.webServer>

 

and In IIS, you have to disable the configuration manually:

 

 

Actually, both of them are the same. But in asp.net core, as the structure has been changed, you can handle the mentioned feature by code. In web asp.net core, static files are located in a folder named wwwroot. In the configure method of Startup class you can call the UseFileServer() and set the enableDirectoryBrowsing as false:

 

      public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();
            app.UseMvc();
            app.UseFileServer(enableDirectoryBrowsing: false);
        }



Access to configuration in asp.net core

While I was working with asp.net core, I encountered with getting the configuration setting from the JSON file and After searching on the web I found out that there would be different ways to do that. I tested the following one and it worked. There is a different configuration in each version of Asp.net core in the Main method of program class. you should put the following configuration in this sample in the main method because I didn’t test it with other configurations to ensure you.

 public static void Main(string[] args)

        {

            var host = new WebHostBuilder()

                .UseKestrel()

                .UseContentRoot(Directory.GetCurrentDirectory())

                .UseIISIntegration()

                .UseStartup<Startup>()

                .UseApplicationInsights()

                .Build();



            host.Run();

        }

Then create a class to keeping configuration and creating injection based on it, it's just a simple property:

  public class ConfgurationClass

    {

        public string ConnectionString { get; set; }

    }

Now, in the target class that you want to access your configuration, inject the above class:

public class TestController : Controller

    {

        private readonly ConfgurationClass _connectionStrings;



        public TestController(IOptions<ConfgurationClass> options)

        {

            _connectionStrings = options.Value;

        }



        public IActionResult Index()

        {

            var connectionsString = _connectionStrings.ConnectionString;

            return Ok();

        }

    }

Note that IOption<> is available in Version=1.1.1.0 and above.  But if you run the application now, you would get the injection Error because you haven’t configured DI yet. Put the following piece of code in Startup class to configure the injection:

        public IConfigurationRoot Configuration { get; }



        public Startup(IHostingEnvironment env)

        {

            var builder = new ConfigurationBuilder()

                .SetBasePath(env.ContentRootPath)

                .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)

                .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)

                .AddEnvironmentVariables();



            Configuration = builder.Build();

        }



        public void ConfigureServices(IServiceCollection services)

        {

            services.AddOptions();



            // Configure ConnectionStrings using config

            services.Configure<ConfgurationClass>(Configuration);

        }

Remember that appsettings.json is the file that we are reading the connectionString from. Have a nice time!



About Me

Ehsan Ghanbari

Hi! my name is Ehsan. I'm a developer, passionate technologist, and fan of clean code. I'm interested in enterprise and large-scale applications architecture and design patterns. I spend a lot of time on software architecture. Since 2008, I've been as a developer for different companies and organizations and I've been focusing on Microsoft ecosystem all the time. During the past years, Read More

Post Tags
Pending Blog Posts
using Elmah in asp.net MVC4
Using FluentSecurity in MVC
Strategic design
Factory Pattern
time out pattern in ajax
Redis as a cache server
How to use PagedList In asp.net MVC
Multiple submit buttons in asp.net MVC
Domain driven design VS model driven architecture
What's the DDD-lite?