限制对附件文件夹的直接文件访问 [英] Restrict direct file access of our attachment folder

问题描述

我们有这个网站，我们还提供签证申请模块.签证申请模块要求用户创建一个帐户.每当用户上载附件时，附件就会保存在附件中的特定文件夹中.此特定文件夹对应于分配给每个用户的唯一生成的号码.

We have this website where we also have a visa application module. The visa application module requires the user to create an account. Whenever the user uploads attachments it is saved in a specific folder inside attachments. This specific folder corresponds to a uniquely generated numbers that is assigned to each user.

现在我需要的是，如果用户不登录，则他们将无法访问附件文件夹中的文件.

Now what I need is if the user is not login they should not be able to access the files inside the attachment folders.

如何使用http处理程序实现该目标?

How can I achieve that using http handler?

我有这个代码

if (HttpContext.Current.Session["UserRegistrationID"] != null)
            {
                if (HttpContext.Current.Session["UserRegistrationID"].ToString() != "")
                {
                    DownloadFile(context);
                }
                else
                {
                    context.Response.Write("You don't have the rights to access this file.");
                    context.Response.Flush();
                }
            }
            else
            {
                context.Response.Write("You don't have the rights to access this file.");
                context.Response.Flush();
            }

protected void DownloadFile(HttpContext context)
        {

        context.Response.ContentType = "image/jpg";
        context.Response.WriteFile(context.Request.PhysicalPath);
        context.Response.Flush();
    }

但是问题是我在Web配置中配置它时遇到问题.

But the problem is I'm having a problem configuring it in web config.

有人知道该怎么做吗?

推荐答案

看看我的答案之一

如何限制未登录的未经授权的用户查看ASP网络中的网页

此规则实际上适用于文件夹，正是您要查找的内容.

This rule is actualy applied to folders, just what are you looking for.

这篇关于限制对附件文件夹的直接文件访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！