Asp\asp. NET Web site How to prevent Access databases from being downloaded by others

How to prevent Access database downloads is a very old topic, online discussion is also more. Here are some ways to prevent Access databases from being downloaded under asp.net.

Here we assume that the Access database name is Test.mdb.

1, put the database outside the Web directory

If your site directory is d:www, you can put the database into the D:data folder, and then modify the Web site program in the database connection string address section is: "D:datatest.mdb", so that the database can be called normally, but cannot download, because it is not in the site directory.

Suppose you configure the database connection string in Web.config. For example:

    <connectionStrings>
        <add name= "Access"
 connectionstring=
provider=microsoft.jet.oledb.4.0 ;d ata Source=d:datatest.mdb "providername=" System.Data.OleDb/>
    </connectionStrings>

2, put the database under the App_Data system folder

Starting with the. Net2.0, there is a App_Data directory dedicated to storing data files, which can be used to put Access,sql Server Express, XML and other data files. The advantage of putting a database file in the App_Data folder is to prevent it from being downloaded. The file location of the connection string database can use the DataDirectory key to represent its physical path, thus eliminating the need to use Server.MapPath () conversion when fetching the connection string.

Suppose you configure the database connection string in Web.config. For example:

<connectionStrings>
<add name= "Access" 
connectionstring=
provider=microsoft.jet.oledb.4.0 ;d ATA source=| Datadirectory|test.mdb "providername=" System.Data.OleDb "/>
</connectionStrings>

| Datadirectory| is the representative App_Data folder.

3. Renaming database files

Rename your Access *.asax: Because of the asp.net processing mechanism, the request is rejected directly by default. In this way, you can also rename Access to *.config,*.vb, *.cs, and so on.

4, configure IIS, Add. mdb file type mappings

The way to add an extension map of. mdb is by modifying the IIS settings. Just 2 steps.

1. Configure IIS to map the. mdb file type to the ASP.net ISAPI.

For example, in Windows 2003, click "Start"-"Run-" to enter "Inetmgr" and open Internet Services Manager. Right-click on a Web site-click Properties to eject the site's Properties dialog box. Clicking on the Home Directory tab and clicking on the "Configure" button will display the Application Configuration dialog box. Clicking Add adds a mapping, and a dialog box is displayed to enter the executable file: "c:windows microsoft.net Framework v2.0.50727 aspnet_isapi.dll", and enter the extension: ". mdb". As shown in the following figure

2. Configure the asp.net web.config file to map the. mdb file type to the HttpForbiddenHandler HTTP handler.

Maps the asp.net application. mdb file type to the HttpForbiddenHandler HTTP handle. In order to achieve this step, the following configuration must be added to the Web.config file

   
 
5. Add Access anti-download fields
 
The principle of this method is to change the extension of the database to. aspx format, when the file is accessed remotely by the IIS server as an ASPX program, and we previously inserted the "<%" symbol in the Access database, and the ASP.net program must be in the <%% >, so there is a "missing script close tag" 500 error and no one else can download the Access database. It is not useful to simply add "<%" to the text or Memo field in the database, because access will handle the contents of it, and in the database he will be in <% form. The correct approach is to save the <% in the OLE Object field. The method is as follows:
 
1. First create a table, enter the following in the SQL command window: "CREATE TABLE [Notdown] ([Notdown] OLEObject)"
 
Then click "!" in the toolbar. (run) so that a "notdown" table is created within the current database with the field name "Notdown" and the field type "OLE Object". As shown in Figure 1
 
 

(Figure 1)
 
2. Change the contents of the SQL query window to the following command: "INSERT INTO [Notdown] (Notdown) VALUES (0X3C25)"
 
The meaning of this sentence is to insert the "0X3C25" Data ("0X3C25" as 16 in the character "<%") into the "Notdown" field of the "Notdown" table. As shown in Figure 2
 
 

(Figure 2)
 
Once you've finished, you'll see the table in the database again, and you'll see that there's a "notdown" table in which the field displays "Long Binary data" as shown in Figure 3
 
 

(Figure 3)
 
Admin10000.com here is a good download data sheet notdown, you can download and paste directly into your own database use. Notdown data table
 
Tip 1: Whether the ASP site or ASP.net site, directly to the Access database suffix directly to the. asp and. aspx, with FlashGet and other download tools are not mistaken, can not play a download-proof role.
Tip 2: The 5th method is usually used in the Asp+access Web site.