在asp.net MVC的,有没有一个好的图书馆或图案遵循节约用户的内容(图片,文件等)时, [英] in asp.net-mvc, is there a good library or pattern to follow when saving users content (images, files, etc)
问题描述
我有我的网站的管理部分,其中作家可以上传像图片照片画廊等文件在我的网站的动态内容的部分以后包括。我所在的HTML本身存储在我的MySQL数据库,用户可以使用CKEditor的界面编辑内容某些页面。
i have an admin section of my website where "authors" can upload files like pictures for photo galleries, etc to include in dynamic content sections of my website later. I have certain pages where the html itself is stored in my mySQL database and users can edit the content using ckeditor interface.
我试图看看是否有一些利用,将文件保存到正确的目录,并在以后检索它们或者我应该只写这一切从零开始。此外,寻找经验教训,事情要小心的(安全性,等等。)
i am trying to see if there is something to leverage that will save files to the right directory and retrieve them later or i should just write this all from scratch. Also, looking for lessons learned and things to be careful on (security, etc . .)
推荐答案
我要一刺这个。我们有一个类似的做我们做什么,我们做的'推出我们自己的事的应用程序。用户可以通过我们的应用程序接口上传文件(图片,文件,等等)这些文件确实有用户/公司/角色敏感权限。为了减轻一些安全问题和其它一些原因,我们实施了以下
I'll take a stab at this. An application that we have that does something similar we did and we did the 'roll our own thing'. Users can upload files (images, documents, whatever) through our application interface and these files do have user/company/role sensitive permissions. In order to mitigate a few security concerns and for a few other reasons, we implemented the following.
-
在Web应用程序中,我们创建了一个用于存储所有用户生成内容的'资产'的文件夹。然后,我们使用的子文件夹来帮助段内容(标识,文件等)。
In the web application, we created an 'Assets' folder that is used to store all of the user generated content. We then use subfolders to help segment the content (logos, files, etc).
在web.config中,我们配置这个文件夹无法从浏览器访问(认为像App_Data文件或文件夹仓),通过下面的代码(这样做是为了确保没有这些文件可以被访问。直接从浏览器中看到更多的点#4):
In the web.config, we configured this folder to not be accessible from the browser (think like the App_Data or bin folders) with the following lines (We did this to ensure that none of these files could be accessed directly from the browser. See more on point #4):
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="Assets"/>
</hiddenSegments>
</requestFiltering>
</security>
在文件上传,我们存储有关数据库的文件(类型,大小,名称,评论)的相关信息。这也让我们对有关文件的作用和用户安全信息。
Once a file is uploaded, we store the relevant information about the file in database (type, size, name, comments). This also allows us to relate role and user security information on the file.
为了检索文件,我们实施了一组动作,是以请求的文件名和用户信息(因为你必须要登录),并从资产文件夹返回文件的控制器。对于最终用户,它看起来像所有的文件都存储在/文件/文件/写到FileID或类似的东西,但实际上这只是一个前端的看门人的文件本身。该控制器/ action方法返回一个404,如果你不授权或如果你要求一个坏文件。对于文件的命名,我们只是生成的GUID并命名文件GUID.relevantExtension(检查一个不存在的话)
In order to retrieve the files, we implemented a controller with a set of actions that takes the requested file name and user information (since you have to be logged in) and returns the file from the Assets folder. To the end user, it looks like all files are stored in /Files/Docs/FileID or something similar but in actuality this is just a front-end 'gatekeeper' to the files themselves. This controller/action methods return a 404 if you are not authorized or if you request a bad file. For file naming, we just generate GUIDs and name the file "GUID.relevantExtension" (checking that one doesn't exist already)
我猜教训或诸如此类的东西,最重要的事情是,你不公开的文件直接尤其是如果用户没有共享内容。此外,这可能是个人的preference,如果不小心,我不是在数据库中存储文件,大可以发动战争它似乎导致分页和缓存的性能(问题不是在谈论SQL 2008文件列中任一)。希望这有助于!
I guess for lessons learned or whatnot, the biggest thing is that you do not expose the files directly especially if users are not sharing content. Also, and this is probably personal preference and could start a war if not careful, I am not big on storing files in the database at it seems to cause issues with paging and caching performance (not talking about SQL 2008 File column either). Hope this helps!
的修改的 - 在这样做的另一个想法,做从VS.发布时要注意这些上传的文件是不是你的解决方案的一部分,如果你做删除上传类型出版,你会蜡你的用户文件。只是谨慎的话(在那里:/)
EDIT - Another thought on doing this, be aware when doing publishing from VS. These uploaded files are not part of your solution and if you do the Delete the Upload type publishing, you will wax your users files. Just word of caution (been there :/)
这篇关于在asp.net MVC的,有没有一个好的图书馆或图案遵循节约用户的内容(图片,文件等)时,的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
