How can I limit access to glimpse.axd when deploying to production?
I am using a custom RuntimePolicy to ensure that Glimpse is not enabled in production; however, I want to ensure that users do not get to the axd as well.
If we were using authorization from ASP.NET then I understand that I could protect via location path in web.config, but this option is not available to me.
Ideas?
I don't have enough reputation to comment, but I thought it was necessary to save someone from the following mistake in nikmd23's thorough answer:
The arrow points to the issue that deny * will match all users before authorization even gets a chance to allow roles="admin". Reverse this order (as seen below) to reach the desired functionality.
reference: ASP.NET Forms Auth Allowing access to specific file in subdirectory when all others should be denied
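
The ordering issue described in the answer above, as an added example that is not part of the original posts: a simplified model of ASP.NET's first-match URL authorization, run over two constructed `<location path="glimpse.axd">` fragments that differ only in rule order, plus a check that flags rules placed after an unconditional `users="*"` rule. The function names and the sample config are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragments; only the rule order differs.
TEMPLATE = """<configuration>
  <location path="glimpse.axd">
    <system.web>
      <authorization>{rules}</authorization>
    </system.web>
  </location>
</configuration>"""
DENY_FIRST = TEMPLATE.format(rules='<deny users="*" /><allow roles="admin" />')
ALLOW_FIRST = TEMPLATE.format(rules='<allow roles="admin" /><deny users="*" />')


def _csv(rule, attr):
    """Split a comma-separated users/roles attribute into clean values."""
    return [v.strip() for v in rule.get(attr, "").split(",") if v.strip()]


def _rules(config_xml, path):
    """Yield the <allow>/<deny> elements for one <location>, in file order."""
    for loc in ET.fromstring(config_xml).iter("location"):
        if loc.get("path") == path:
            for auth in loc.iter("authorization"):
                yield from auth


def is_allowed(config_xml, path, user, roles=()):
    """Simplified first-match evaluation; user=None means anonymous."""
    for rule in _rules(config_xml, path):
        users = _csv(rule, "users")
        hit = ("*" in users or (user is None and "?" in users)
               or (user is not None and user in users)
               or any(r in roles for r in _csv(rule, "roles")))
        if hit:
            return rule.tag == "allow"  # the first matching rule decides
    return True  # nothing matched here; the inherited default allows everyone


def shadowed_rules(config_xml, path):
    """Rules listed after an unconditional users="*" rule are never reached."""
    dead, catch_all = [], False
    for rule in _rules(config_xml, path):
        if catch_all:
            dead.append(rule.tag)
        if "*" in _csv(rule, "users") and rule.get("verbs") is None:
            catch_all = True
    return dead
```

With the deny rule first, a user in the `admin` role is still refused and `shadowed_rules` reports the unreachable `allow`; with the order reversed, only that role gets through.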