阻止访问asp.net的静态内容-MVC应用 [英] prevent access to static content of asp.net - mvc app

问题描述

我们有asp.net MVC和角度应用.我们正在使用identityserver3对应用程序进行访问控制. 除了一件事情，一切都按预期进行. 未经授权的用户仍然可以访问应用程序的静态内容.

We have asp.net MVC & angular application. We are using identityserver3 for access control to the application. Everything is working as expected, except one thing. Unauthorized users still have access to static content of the application.

在用户登录之前，有什么方法可以拒绝对这些文件的访问吗?

Is there any way to deny access to those files before user log in ?

推荐答案

以下是该链接的链接，该链接使我找到了解决方法=>

Here is the link to the great post which led me to the solution => Intercepting file requests

我为解决问题而采取的步骤:

Steps I've taken to solve my problem:

1. 将此行添加到我的webconfig文件中. 这将确保处理程序不会处理js文件请求.

1. Added this line to my webconfig file. This will make sure that js files request wil not be processed by handler.

 <system.webServer>
    <handlers>
       <add name="JSFileHandler" path="*.js" verb="GET"
           type="System.Web.Handlers.TransferRequestHandler"      
           preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
</system.webServer>

注册路线.

Register route.

    routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

    routes.RouteExistingFiles = true;
    routes.MapRoute(
        "staticfiles"
        , "{*src}"
        , new { Controller = "Main", action = "GetJS" }
        , new { src = @"(.*?)\.(js)" }                     // URL constraints
    );

从控制器操作中返回文件

Return file from controllers action

public ActionResult GetJS()
{

   var path = this.Url.RouteUrl("staticfiles");
   return File(path,
       System.Net.Mime.MediaTypeNames.Application.Octet,
       Path.GetFileName(path));
}

这篇关于阻止访问asp.net的静态内容-MVC应用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！