HttpForbiddenHandler class is used to prevent certain file types from being downloaded over the Web. This class is used internally by ASP.NET to prevent the download of certain system level files.
To use the HttpForbiddenHandler to prevent a particular file type from being downloaded,refer below.
Create an application mapping in IIS for the specified file type to map it to Aspnet_isapi.dll.
a. On the taskbar, click the Start button, click Programs, click Administrative Tools, and then select Internet Information Services.
b. Select your application’s virtual directory, right-click, and then click Proper- ties.
c. Select Application Settings, click Configuration..
d. Click Add to create a new application mapping.
e. Click Browse, and select c:\winnt\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll.
f. Enter the file extension for the file type you want to prevent being down- loaded (for example, .xyz) in the Extension field.
g. Ensure All Verbs and Script engine is selected and Check that file exists is not selected.
h. Click OK to close the Add/Edit Application Extension Mapping dialog box.
i. Click OK to close the Application Configuration dialog box, and then click OK again to close the Properties dialog box.
Add an <HttpHandler> mapping in Web.config for the specified file type.
An example for the .xyz file type is shown below.
<add verb=”*” path=”*.xyz” type=”System.Web.HttpForbiddenHandler”/>