Can a user browsing my Web site read my Web.config or Global.asax files?

 Posted by Poster on 7/1/2008 | Category: ASP.NET Interview questions | Views: 7704

No. The <HTTPHANDLERS>section of Machine.config, which holds the master configuration settings for ASP.NET, contains entries that map ASAX files, CONFIG files, and selected other file types to an HTTP handler named HttpForbiddenHandler, which fails attempts to retrieve the associated file. You can modify it by editing Machine.config or including an section in a local Web.config file.

Source: | Asked In: Many Interviews | Alert Moderator 

Comments or Responses

Posted by: Raja on: 10/10/2008
With standard setting, its impossible to read the web.config file and global.asax file.

Login to post response