如何使用ASP .NET web.config拒绝文件夹和图像访问 [英] How to deny folder and images access using ASP .NET web.config
本文介绍了如何使用ASP .NET web.config拒绝文件夹和图像访问的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在Asp .net应用程序中,我需要编写一个代码,用于在直接用户尝试访问时拒绝文件夹和图像访问,但相同的图像需要显示在网页上。
我在web.config中使用了以下代码,它阻止访问图像,但也无法在网页中显示。
Hi,
In Asp .net application i need to write a code for denying folder and images access when directly users trying to access, but same images need to display in webpage.
I used Below code in web.config, its blocking access to images , but not able to display in web page also.
<system.webServer>
<modules>
<remove name="FormsAuthenticationModule" />
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
</modules>
</system.webServer>
<location path="Photos/photos2016">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
我尝试了什么:
What I have tried:
<system.webServer>
<modules>
<remove name="FormsAuthenticationModule" />
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
</modules> </system.webServer>
<location path="awards/awards2015">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
推荐答案
创建一个获取资源的页面,就好像使用Webforms可能是GetGraphics.aspx?ressourceid = mypicture.png,然后需要一个活动会话或cookie。
如果您使用mvc,您可以使用路由做同样的事情......最终也可以在web.forms中设置,例如
Make a page which will get the ressource, like if using Webforms could be GetGraphics.aspx?ressourceid=mypicture.png which then requires an active session or a cookie.
If you use mvc you can do the same thing with routing ... which ultimately can also be set in place in web.forms like for instance
public class UriActionFilter : System.Web.Mvc.ActionFilterAttribute
{
public override void OnActionExecuting(System.Web.Mvc.ActionExecutingContext filterContext)
{
if (System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated)
{
// Sample: somehow identify the user, in case of a custom identity, replace the below line to get the user identifier
var user = System.Threading.Thread.CurrentPrincipal.Identity.Name;
// get the parameter that will let you know what is the image or path that is being requested now
var ctxParams = filterContext.ActionParameters;
// if the user does not have the permission to view, return 403
filterContext.RequestContext.HttpContext.Response.StatusCode = 403;
return;
}
base.OnActionExecuting(filterContext);
}
}
我在这里收到的回复是: c# - ASP .NET MVC - 文件访问 - Stack Overflow [ ^ ]
这篇关于如何使用ASP .NET web.config拒绝文件夹和图像访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文