So I am playing around with Owin and Katana and I want to serve static files in my public folder.
I have a Content folder with stylesheets and a scripts folder.
My Startup:
public void Configuration(IAppBuilder app)
{
#if DEBUG
//when things go south
app.UseErrorPage();
#endif
// Remap '/' to '.\public\'.
// Turns on static files and public files.
app.UseFileServer(new FileServerOptions()
{
RequestPath = PathString.Empty,
FileSystem = new PhysicalFileSystem(@".\public"),
});
}
So if if I browse to localhost:8861/ I go the the index.html file in my public folder. That's ok. But I can also browse to my localhost:8861/Content/style.css which I want to block. Everything the user needs should be accessible in the public folder. All the rest should be blocked.
How can I achieve this?
The configuration of file server is correct and doesn't allow access to other folders. I've checked it within test OWIN self-host project and it works as expected, only public folder can be accessed. I assume that you use IIS to host your OWIN appllication (so your app is not self-hosted). If so, IIS Static File Handler allows aceess to static files and directories (and to your content folder as well). So you can search how to disable access to static files in IIS (can be done in web.config) or how to restrict access to some of them.
You can remove StaticFile Handler from website's configuration, but you should do it carefully because from this moment IIS won't serve static files at all.
<configuration>
<system.webServer>
<handlers>
<remove name="StaticFile" />
</handlers>
</system.webServer>
</configuration>