保护MVC中的文件夹 [英] Protecting folders in MVC
问题描述
我的内容文件夹中有一些我不希望用户未经授权就无法下载的文件.如何防止用户仅通过在地址栏中输入... Content/{filename}来访问文件?
I have some files in my Content folder that I don't want a user to be able to download without being authorised. How do I prevent a user from just getting to the file by typing ...Content/{filename} into the address bar?
推荐答案
有两种可能.第一个是在您的web.config中使用<location>
标记:
There are a couple of possibilities. The first one consists into using the <location>
tag in your web.config:
<location path="Content">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
另一种可能性是将这些文件放在没有人可以访问的文件夹中(例如App_Data文件夹),然后执行控制器操作,该操作将为将用[Authorize]
属性修饰的文件提供服务.
Another possibility is to put those files inside a folder where noone can access (like the App_Data folder for example) and then have a controller action that will serve those files which will be decorated with the [Authorize]
attribute.
这篇关于保护MVC中的文件夹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!