The Code Blogger - Directory Browser And File Server Middlewares In .NET Web Apps

.NET Middlewares Directory Browser and Use File Server

Directory Browser And File Server Middlewares In .NET Web Apps

Post author:Manoj Choudhari
Post published:May 20, 2021
Post category:.NET
Post comments:0 Comments

In this article, let’s have look at two middlewares – one for enabling directory browsing while the other for combining functionality of 3 middlewares into single one.

Directory Browser Middleware

Generally, directory browsing should be disabled on the web applications. It should be part of server hardening. Server hardening is the process of enabling or disabling server features to make the web servers more secure.

Security team generally provides a checklist mentioning all activities/ tasks which should be performed in order to harden the server. One of the task is to disable directory browsing. But still, sometimes directory browsing might be designed on the development machines.

In .NET Framework applications, there used to be a setting in web.config to enable or disable directory browsing. In .NET core (or .NET, as it is called now), it can be enabled via a middleware.

Enable the directory browsing by two steps:

AddDirectoryBrowser in Startup.ConfigureServices.
UseDirectoryBrowser in Startup.Configure

Create an ASP .NET Core web application (MVC) using visual studio. Then modify the Startup class as shown in below snapshot.

Next, when the application is executed, the application would show a directory browser instead of rendering home/index view.

ASP .NET Core Web App with Directory Browsing Enabled

Use File Server

We have seen three different middlewares in recent posts

UseStaticFiles, to serve static files
UseDefaultFiles, to enable serving default documents when no resource is specified in URL
UseDirectoryBrowser, to enable browsing the directory

There is one middleware which combines functionality of these three middlewares – and it is UseFileServer.

If this method is called without any parameters, then it will enable default file and static files middlewares functionality.
Optionally, a parameter enableDirectoryBrowsing: true, to also enable the directory browsing.

Like StaticFileOptions, this file server middleware has FileServerOptions as parameter. It can be used to set the additional options for configuring static file middleware.

Security Consideration

Static files middleware and especially directory browser middleware help serving static files. Anything which is inside the web root directory (by default, web root is a wwwroot directory {content-root}/wwwroot).

If you keep any sensitive files (like files containing some key settings or passwords or secrets in such folder, those files would also be served by these middlewares. Hence when these middlewares are enabled, a security review should be performed to ensure that these middlewares are not leaking any important information.

I hope you find this information useful. Let me know your thoughts.

Tags: .Net, .NET 5, .net core, .NEt Core 3, .NET Core 3.1, .NET Core Startup, .NET Core Web App, .NET Core Web App Mvc, Asp .Net Core, ASP .NET Core 5, Asp .Net Core API, ASP .NET Core MVC, Directory Browsing Middleware, Middleware, Static Files Middleware, Use File Server

Directory Browser Middleware

Use File Server

Security Consideration

Share this article on:

Please Share This Share this content

You Might Also Like

ASP .NET Core API – Fluent Validation RuleSets

Model Validation Attributes in .NET Core Web APIs

AsNoTracking with Identity Resolution In .NET EF Core

Leave a Reply Cancel reply

Share this content