In asp.net applications, directory browsing has enabled some versions and you let the users see all of the content and structure of your application like the picture below:
To the best of my knowledge, in order to disable the directory browsing, there are two ways: by web.config and IIS. In web.config file you just need to add the following piece of code:
<system.webServer>
<directoryBrowse enabled="false" />
</system.webServer>
and In IIS, you have to disable the configuration manually:
Actually, both of them are the same. But in asp.net core, as the structure has been changed, you can handle the mentioned feature by code. In web asp.net core, static files are located in a folder named wwwroot. In the configure method of Startup class you can call the UseFileServer() and set the enableDirectoryBrowsing as false:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseMvc();
app.UseFileServer(enableDirectoryBrowsing: false);
}