Block directory access for all except umbraco admin

0
votes

I have a folder i created residing under the Default Umbraco directory. I have tried adding a web.config file inside this newly created folder and then added the below configuration

<configuration>
<system.webServer>
      <security>
          <authorization>
             <allow user="umbracoUsername"/> 
             <deny users="*"/>
          </authorization>
      </security>
  </system.webServer>
</configuration>

The purpose is to allow only Umbraco admins (as in the group that is set as Administrators) to access this directory and contents and no one else.

The above allows all users to access this directory/contents and all examples I've seen are similar to the above.

Is there something im doing wrong? The site is running under IIS (Windows Server 2012) and im using Umbraco 7.

1
iisweb-configumbracoumbraco7

1 Answers

0
votes

Your web.config configuration is wrong, you can refer to the following code:

<configuration>
<system.web>
    <!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
    <authorization>
        <deny users="?" />
    </authorization>
</system.web>
<!-- This section gives the unauthenticated user access to the umbracoonly. It is located in the same folder as this configuration file. -->
<location path="umbraco">
    <system.web>
        <authorization>
            <allow users ="*" />
        </authorization>
    </system.web>
</location>
</configuration>

More information about configure access to a specific file and folder you can refer to this link:Configure access to a specific file and folder