使用用户名和密码重定向页面 [英] Redirect page with username and password
问题描述
大家好,
美好的一天.
我有一个Web应用程序,使用户可以下载文件
我正在使用此代码
Response.Redirect("http://xxx/xx.zip")
但是文件"xx.zip"具有安全性,因此我们需要输入用户名和密码,Internet Explorer也会要求输入用户名和密码
但是我需要通过链接传递用户名和密码,因为我不需要用户输入用户名和密码
Hi All,
good day.
I have a web application make the users to download files
i am using this code
Response.Redirect("http://xxx/xx.zip")
but the file "xx.zip" have a security, so we need to enter username and password and the internet explorer ask for username and password as well
but I need to pass the username and password with link because I did not need the user to enter the username and password
I need to redirect to file but the internet explorer will ask the user for username and password and I do not need that, I need when the user click on the link then the download begin without asking for username and password
Please note that the file have NTFS security
请指教.
问候,
Ahmed Elaraby
Please advise.
Regards,
Ahmed Elaraby
推荐答案
让用户在某些文本框中输入用户名/密码,将该信息存储在会话状态中,重定向到能够提供服务的页面zip文件,然后让该页面检查会话以确保存在正确的用户名/密码.您重定向到的URL如下所示:
Have the user enter the username/password in some textboxes, store that information in the session state, redirect to a page that is capable of serving up the zip file, then have that page check the session to ensure the proper username/password exists. The URL you redirect to would look something like this:
http://www.yoursite.com/getfile.aspx?filename=xx.zip
如果在会话状态中找不到用户,则您甚至可以在该页面上询问用户其用户名/密码.
You could even have that page ask the user for their username/password in the event that they aren''t found in the session state.
在链接中添加用户名和密码很不好, 非常非常糟糕.除了巨大的安全性问题.考虑到这一点,如果有人不小心通过电子邮件将链接发送给其他人,那么现在每个人都有原始的邮件用户名/密码.
考虑到这一点,允许用户通过表格输入用户名和密码(例如).用户通过身份验证后,创建某种密钥并使用该密钥来验证链接上的用户名/密码并允许/禁止下载.
Adding the username and password to the link is bad, very very bad. Besides huge security issue. Consider this, if someone accidentally emails the link to other people, now every one has the original mailers username/password.
Consider this, allow the user to enter username and password through form (for example). Once the user is authenticated, create some kind of key and use that key to validate the username/password on the link and allow/disallow download.
这篇关于使用用户名和密码重定向页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!