ASP.Net Core static file security (images specifically)


Question

I have an issue that seems like a very common requirement, but I'm unable to find any help. Let's say I have an authenticated user uploading private photos to a non-browsable folder on my server. Each user has their own folder in a large file store, like...

/FileStore/{UserId}/Photos/my_cute_cat.jpg

The file is uploaded and I save a thumbnail of the photo like...

/FileStore/{UserId}/Photos/Thumbs/my_cute_cat_thumb.jpg

That user wants to download their photo. No problem...


  • The user sends a download request

  • I authorize the user and make sure they own that particular photo

  • I serve the file

I need to display the thumbnail in a plain old img tag on the user's dashboard. The /Thumbs/ folder is not set up to serve static images. I don't want the /Thumbs/ folder to be able to serve static images because they should only be visible to authorized users. What am I supposed to do?

Recommended answer

If it's just a small thumbnail, consider using an embedded base64 image, with more details here: How to display Base64 images in HTML?

You can pass base64 down to the View by encoding the file into a base64 format as a string, as explained here: http://www.devcurry.com/2009/01/convert-string-to-base64-and-base64-to.html

Using this approach or even using a FileActionResult to serve the file through a controller has the big disadvantage of not being able to use a CDN to deliver the cached content. What you can do to help with this is still serve the images statically but give them obscenely long random names that are unguessable. When someone requests the image from you, then you simply provide them with the unguessable URL.
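The controller-served option and the unguessable-name option mentioned in the answer, sketched in C# as an added example (not code from the original question or answer). The store root, route, GUID-shaped user id claim and cache lifetime are assumptions made for illustration.

```csharp
// Added example. Assumes cookie authentication, a GUID user id in the
// NameIdentifier claim, and a hypothetical store root outside wwwroot.
using System;
using System.IO;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.WebUtilities;

[Authorize]
[Route("photos")]
public class PhotosController : Controller
{
    private const string StoreRoot = "/FileStore"; // hypothetical path

    // <img src="/photos/thumbs/my_cute_cat_thumb.jpg"> reaches this action;
    // the browser attaches the auth cookie to same-site image requests.
    [HttpGet("thumbs/{fileName}")]
    public IActionResult Thumb(string fileName)
    {
        // The owner comes from the authenticated principal, never from the URL,
        // so a user cannot name another user's folder.
        var userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (!Guid.TryParse(userId, out var id)) return Forbid();

        // Reduce the input to a bare file name, then confirm the resolved path
        // is still inside this user's Thumbs folder (path traversal guard).
        var thumbsDir = Path.GetFullPath(Path.Combine(StoreRoot, id.ToString(), "Photos", "Thumbs"));
        var fullPath = Path.GetFullPath(Path.Combine(thumbsDir, Path.GetFileName(fileName)));
        if (!fullPath.StartsWith(thumbsDir + Path.DirectorySeparatorChar, StringComparison.Ordinal)
            || !System.IO.File.Exists(fullPath))
            return NotFound();

        // Per-user content: allow the browser cache, keep it out of shared caches.
        Response.Headers["Cache-Control"] = "private, max-age=3600";
        return PhysicalFile(fullPath, "image/jpeg");
    }
}

public static class ThumbNames
{
    // Static/CDN variant: 256 bits from the OS CSPRNG, URL-safe encoded.
    // The resulting URL is a bearer secret; anyone who obtains it can fetch the image.
    public static string NewUnguessableName() =>
        WebEncoders.Base64UrlEncode(RandomNumberGenerator.GetBytes(32)) + ".jpg";
}
```

With the unguessable-name variant there is no per-request authorization check, so revoking access means renaming or deleting the file.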
