A small but crucial point about App_Start folder

Wednesday, May 1, 2013

As we know that IIS reject requests which contain folder started with App_ (specifically App_code, App_GlobalResources, App_LocalResources, App_WebReferences, App_Data, App_Browsers folders). Lot of developers put some important files here so that only the application code can access these files and nobody can access these files directly. With the introduction of ASP.NET MVC 4, a new folder App_Start has been included in the application template. But there is a chance that developers put important files in App_Start folder without realizing that this folder is not protected by IIS request filtering module. So, I just want to warn the developers that don't confuse App_* folders with App_Start folder. App_*(see the list above) folders are protected by IIS and App_Start folder is not.

3 Comments

Nice....

vinothharshad - Wednesday, July 10, 2013 10:43:47 AM

I appreciate your immersed interest in learning things in detail and sharing it as well. Will take a note of your Crucial point. Thanks!!

Larry - Monday, July 15, 2013 10:33:23 AM

Excellent find!!!

Z - Wednesday, July 24, 2013 11:33:49 PM

Comments have been disabled for this content.