How to Prevent Access Database downloads on ASP. NET websites
It is a very old topic to Prevent Access Database downloads. There are also many discussions on the Internet. Here we provide several methods to prevent the Access database from being downloaded under ASP. NET.
Assume that the Access database is named test. mdb.
1. Store the database outside the WEB directory
If your website directory is D: \ www, you can put the database in the D: \ data folder, and then modify the database connection string address section in the website program to: "D: \ data \ test. mdb ", so that the database can be called normally, but cannot be downloaded, because it is not in the website directory.
Assume that the database connection string is configured in web. config. For example:
2. Store the database in the App_Data system folder.
From. Net2.0, The App_Data directory exists to store data files. It can be used to store Access, SQL Server Express, XML, and other data files. The advantage of storing database files in the App_Data folder is to prevent downloading. The DataDirectory key can be used to represent the physical path of the file location connected to the string database. Therefore, Server. MapPath () conversion is no longer required when obtaining the connection string.
Assume that the database connection string is configured in web. config. For example:
| DataDirectory | represents the app_data folder.
3. Rename database files
Rename your Access *. asax: Because ASP. NET's processing mechanism directly rejects such requests by default. In this way, you can also rename Access to *. config, *. vb, *. cs, and so on.
4. Configure IIS and Add. mdb file type ing
Add. mdb extension ing. This method is implemented by modifying IIS settings. Only two steps are required.
1. Configure IIS to map the. mdb file type to ASP. net isapi.
Take windows 2003 as an example. Click "start"-"Run-" and enter "inetmgr" and press enter to open "Internet Service Manager ". Right-click a website and choose "properties". The "properties" dialog box is displayed. Click the "main directory" tab and click the "configuration" button. The "application configuration" dialog box is displayed. Click "add" to add a ing. A dialog box is displayed, asking you to enter the executable file: "C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 \ aspnet_isapi.dll "; input Extension:". mdb ". As shown in
2. Configure the web. config file of asp.net to map the. mdb file type to HttpForbiddenHandler HTTP handler.
Map the asp.net application. mdb file type to the HTTP handle of HttpForbiddenHandler. To achieve this, you must add the following configuration to the Web. config file.
5. Add an ACCESS anti-download Field
The principle of this method is to convert the database extension. in aspx format, When you remotely ACCESS this file, the IIS server will regard it as An aspx program for execution, and we can only execute it after inserting the "" mark in the ACCESS database, therefore, the 500 error "script disabling Flag missing" will occur, and others will not be able to download the ACCESS database. If you simply add"