如何将 javascript 文件的服务限制为仅通过身份验证的用户? [英] How can I limit the serving of a javascript file to only authenticated users?
问题描述
我有一个使用 Identity 2 进行身份验证的 WebAPI 2/AngularJS SPA 应用程序.在本地,我的代码存储用于身份验证的令牌.我想实现一个功能,允许我的应用程序在我的初始 index.html 页面下载后为经过身份验证的用户请求额外的 javascript.
I have a WebAPI 2 / AngularJS SPA application that uses Identity 2 for authentication. Locally my code stores a token for authentication. I would like to implement functionality that allows my application to request additional javascript for authenticated users after my initial index.html page has been downloaded.
有什么方法可以让我的服务器代码只将 javascript 文件 分发给经过身份验证和授权的用户?类似于控制器操作方法仅将数据返回给经过身份验证和授权的用户的方式.
Is there a way I can make my server code give out the javascript files to only authenticated and authorized users? Something similar to the way a controller action method returns data to only authenticated and authorized users.
推荐答案
您可以通过在 web.config 上进行设置来强制静态文件通过服务器以确保身份验证:
You can force the static files to go through the server in order to ensure authentication by setting it up on the web.config:
Web.config
<compilation>
<buildProviders>
<add extension=".html" type="System.Web.Compilation.PageBuildProvider" />
<add extension=".htm" type="System.Web.Compilation.PageBuildProvider" />
<add extension=".js" type="System.Web.Compilation.ForceCopyBuildProvider"/>
</buildProviders>
</compilation>
<system.webServer>
<handlers>
<add name="HTML" path="*.html" verb="GET, HEAD, POST, DEBUG" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" />
<add name="HTM" path="*.htm" verb="GET, HEAD, POST, DEBUG" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" />
</handlers>
</system.webServer>
这将允许我在我的 web.config 中为我想要的位置设置
,例如:
This will allow me to set up <authorization>
in my web.config for the locations I want, like:
位置:脚本/安全/演示
Location: scripts/secured/demo
<authorization>
<allow roles="demo" />
</authorization>
或位置:scripts/secured/
or Location: scripts/secured/
<authorization>
<deny users="?" />
</authorization>
http://msdn.microsoft.com/en-us/library/h0e51sw9(v=vs.85).aspx
最近有一个类似的问题,如果有帮助的话:
A similar question was recently if it helps:
这篇关于如何将 javascript 文件的服务限制为仅通过身份验证的用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!