The bin directory beneath an ASP.NET application's virtual root directory contains the application's private assemblies, including the application's page-class implementations if code-behind files have been used during development.
To secure the application's bin directory and protect your business logic against inadvertent download:
Remove Web permissions .
Remove all authentication settings .
Use the IIS snap-in and ensure that the bin directory does not have Read , Write , or Directory browsing permissions. Also ensure Execute permissions are set to None .
Use the IIS snap-in to remove authentication settings from the bin directory. This results in all access being denied .