如何限制文件的下载 [英] how to restrict a file from being download

问题描述

我开发了一个网站并将其部署在IIS上，然后创建了一个基于窗口的应用程序，并尝试从已部署的应用程序中下载一些文件.借助WebClient.dowonloadFile(http://192.168.1.1/test/default.aspx)，我可以下载该文件.

因此很显然，我的网站不安全，如何限制文件的下载.如果我要下载文件，则在没有证书帮助的情况下会出现错误

如何完成我的任务.

感谢advnace

I have devloped a website and deploy it on IIS, then i have a create a window based application and trying to download some files from my deployed application. with the help of WebClient.dowonloadFile(http://192.168.1.1/test/default.aspx) and i can donwload that file.

So it is clear that my website is not secure, How to restrict files from being download. and if i want to download file then without help of credential it gives me error

how to accomplish my task.

Thanks in advnace

推荐答案

您没有解释如何限制下载，但是很可能您只允许某些通过身份验证的用户下载.要了解它，请阅读:
http://msdn.microsoft.com/en-us/library/eeyk640h.aspx [ ^ ].

基于身份验证，不仅可以控制下载，还可以限制呈现页面的下载，从该页面可以下载文件.现在，如何下载自身呢?

通过下载，最简单的形式就是这样:

You did not explain how would you want to restrict the download, but most likely you would allow some downloads only for authenticated users. To learn about it, read this:
http://msdn.microsoft.com/en-us/library/eeyk640h.aspx[^].

Based on authentication, not only you can control the download, you can even restrict rendering the page from which one could download a file. Now, what about downloading itself?

With download, the simplest form is as simple as this:

<a href="myFile.zip">Download myFile.zip</a>

这是您不能限制"的事情.因此，要提供限制，您需要使用更复杂的方法.

您可以使用某些控件来发布对文件的请求，例如，单击按钮时单击一个按钮.服务器部分应使用该文件生成HTTP响应.请注意，您甚至不需要服务器主机上文件系统中的文件.该文件仍然是即时生成的.客户端的正确下载"行为由适当的HTTP标头指示，在这种情况下，这是内容配置".在此问题的答案的代码示例中显示了这一点:
http://stackoverflow.com/questions/2009057/download-file-from-server- asp-net [^ ].

请注意，此代码示例还通过请求的文件扩展名"演示了一些基本限制. (请参见示例代码中的字符串不允许使用文件扩展名".)同样，由于这是您的代码，因此您需要施加限制.这个示例足以让您理解.

—SA

This is something you cannot "restrict". So, to provide restrictions, you need to use more complicated approach.

You can have some control to post a request for the file, for example, a button on a button click. The server part should generate HTTP response with the file. Note, that you don''t even need a file in the file system on the server''s host. The file is generated on the fly anyway. The correct "downloading" behavior of the client is directed by appropriate HTTP headers, in this case, this is "content-disposition". This is shown in the code sample of the answer to this question:
http://stackoverflow.com/questions/2009057/download-file-from-server-asp-net[^].

Note, that this code sample also demonstrates some rudimentary restriction, by the requested file "extension". (See the string "File extension is not allowed" in the sample code.) Again, as this is your code, you impose the restrictions you want; this sample is enough for you to get the idea.

—SA

这篇关于如何限制文件的下载的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！