asp.net-mvc routes http-status-code-403

MVC routing is not handling one of my directories


I'm using ASP.NET MVC with IIS 7.0. I've got 404 errors hooked up fine through my Application_Error override.

In addition to "Controllers", "Models", "Helpers" etc. I have a directory called 'Files' that I use to store user-uploaded files. When I go to http://www.mysite.com/files, instead of getting a 'Not Found' I get a default IIS 403 page that gives way too much information (e.g. exact directory structure of the server):

HTTP Error 403.14 - Forbidden
The Web server is configured to not list the contents of this directory.

If I try to access http://www.mysite.com/controllers or http://www.mysite.com/helpers, which are both existing directories with code files, I get a 404 page, which is what I want. I don't want the user to know anything about my directory structure.

Why is MVC not handling the /files directory?


Solution

  • I figured this one out. The reason the Views directory was returning a proper '404' page but the Files directory was returning a too-much-information ASP.NET 'no permissions' page: there is a web.config file in the Views directory that prohibits showing files. It has the snippets below to stop MVC from serving the directory.

    I just added a similar web.config file to my Files directory, and MVC now acts like the directory doesn't exist, which is exactly what I want.

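        <configuration>
          <!-- IIS 6 and IIS 7 classic pipeline: answer every request under this directory with a 404 -->
          <system.web>
            <httpHandlers>
              <add path="*" verb="*"
                  type="System.Web.HttpNotFoundHandler"/>
            </httpHandlers>
          </system.web>

          <!-- IIS 7 integrated pipeline: the same mapping, registered as BlockViewHandler -->
          <system.webServer>
            <validation validateIntegratedModeConfiguration="false"/>
            <handlers>
              <remove name="BlockViewHandler"/>
              <add name="BlockViewHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler"/>
            </handlers>
          </system.webServer>
        </configuration>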
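
To confirm that every content directory in a site carries the blocking web.config described in the answer, a check like the following can run before deployment. It is an added example, not code from the original post; the function names and the rule that a directory counts as protected only when both pipeline sections are present are assumptions of this sketch.

```python
import os
import xml.etree.ElementTree as ET

NOT_FOUND = "System.Web.HttpNotFoundHandler"
# Constructed sample: the two snippets from the answer inside one web.config.
SAMPLE = """<configuration>
  <system.web>
    <httpHandlers>
      <add path="*" verb="*" type="System.Web.HttpNotFoundHandler"/>
    </httpHandlers>
  </system.web>
  <system.webServer>
    <handlers>
      <add name="BlockViewHandler" path="*" verb="*" type="System.Web.HttpNotFoundHandler"/>
    </handlers>
  </system.webServer>
</configuration>"""

def _blocks_all(adds):
    """True if an <add> maps every path and verb to HttpNotFoundHandler."""
    return any(a.get("path") == "*" and a.get("verb") == "*"
               and a.get("type", "").split(",")[0].strip() == NOT_FOUND
               for a in adds)

def audit_web_config(xml_data):
    """Per IIS pipeline mode: does this web.config answer 404 for every request?"""
    root = ET.fromstring(xml_data)  # raises ET.ParseError on malformed XML
    return {
        "classic": _blocks_all(root.findall("./system.web/httpHandlers/add")),
        "integrated": _blocks_all(root.findall("./system.webServer/handlers/add")),
    }

def unprotected_dirs(site_root, names):
    """Listed directories that exist but are not blocked in both pipeline modes."""
    flagged = []
    for name in names:
        folder = os.path.join(site_root, name)
        if not os.path.isdir(folder):
            continue  # directory is not part of this site
        try:
            with open(os.path.join(folder, "web.config"), "rb") as fh:
                modes = audit_web_config(fh.read())
        except (OSError, ET.ParseError):
            # Missing or malformed web.config: treat as unprotected.
            modes = {"classic": False, "integrated": False}
        if not all(modes.values()):
            flagged.append(name)
    return flagged
```

A `path="*"` mapping to `HttpNotFoundHandler` also makes direct requests for the files inside that directory return 404, so uploads protected this way have to be served through application code such as a controller action.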