1

I am using ASP.Net MVC to develop my website

I have hosted my website on Azure and my website url is like "https://myazurewebsite.azurewebsites.net". I have a login page to my website, without login they can not browse any of my Views.

But if i use URL like https://myazurewebsite.azurewebsites.net/js/myJS.js, then browser is rendering my js file. I don't want to show my JS files to unauthorized users.

I there any way to stop this through configuration or through code?

Avinash
  • 2,053
  • 2
  • 14
  • 32
  • Jason, first fix(modifying the web.config) is also stopping js from actual views also. I mean direct broowsing of js files should not work but from view i should access the JS files. Could you please let me know if there is any way i can fix this. – Avinash Apr 09 '20 at 17:59
  • Second fix(keeping in blob storage) obviously works it requires lot of changes in my code. could you please update the first fix to work js with actual pages. – Avinash Apr 09 '20 at 18:01
  • Thanks a lot for your help. I have updated my answer below.. – Avinash Apr 14 '20 at 21:40

1 Answers1

2

I have solved this issue by adding below lines in my web.config.

<security>
      <requestFiltering>
        <filteringRules>
          <filteringRule name="protectjs" scanUrl="true" scanQueryString="true">
            <scanHeaders>
              <clear />
              <add requestHeader="Accept" />
            </scanHeaders>
            <appliesTo>
              <clear />
              <add fileExtension=".js" />
              <add fileExtension=".css" />
            </appliesTo>
            <denyStrings>
              <clear />
              <add string="text/html" />
            </denyStrings>
          </filteringRule>
        </filteringRules>
      </requestFiltering>
    </security>
Avinash
  • 2,053
  • 2
  • 14
  • 32