设置Autorization规则在ASP.NET MVC 3应用处理器的ashx [英] Setting Autorization rules for ashx handler in ASP.NET MVC 3 application
问题描述
我在我的MVC 3应用程序中实现javascript文件上传功能,因此我需要使用HTTP处理程序(ashx的),让大文件的上传。现在,我需要以某种方式禁止未经身份验证的用户呼叫处理的方法。如果我有一个控制器,我只想[授权] attibute适用。但是当应用于HTTP处理程序的方法,属性工作?如果没有,我怎么能只允许拥有当前会话cookie做出HTTP处理程序调用的人呢?
I am implementing a javascript file upload functionality in my MVC 3 application and therefore I need to use Http Handler (.ashx) to allow large file upload. Now I need to somehow forbid unauthenticated users to call handler's methods. If I had a controller, I would simply apply [Authorize] attibute to it. But does the attribute work when applied to an Http Handler's method? IF not, how can I allow only people that have a current session cookie to make calls to Http Handler?
推荐答案
您可以使用<地点>在你的web.config 部分为拒绝访问〜/ upload.ashx 匿名用户:
You could use the <location> section in your web.config to deny access to ~/upload.ashx to anonymous users:
<location path="upload.ashx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
注:绝不会使用&LT;地点&gt; 标签来控制授权的ASP.NET MVC控制器动作和路线。使用内置的 [授权] 属性来装点相应的控制器/动作。
Remark: never use the <location> tag to control authorization with ASP.NET MVC controller actions and routes. Use the built-in [Authorize] attribute to decorate the corresponding controller/action.
这篇关于设置Autorization规则在ASP.NET MVC 3应用处理器的ashx的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
