wwwroot以外的.NET Core提供HTML文件无法加载JS文件 [英] .NET Core serving HTML file outside wwwroot can't load JS files

问题描述

我正在尝试通过.NET Core授权保护Angular CLI应用程序安全的各种方法.

I am experimenting with different ways to secure an Angular CLI app with .NET Core Authorization.

为了使其尽可能安全，我想使所有Angular CLI输出文件不公开，并将它们保存在CLI预先配置的默认"dist"文件夹中.

To make it as secure as possible, I would like to keep all of the Angular CLI output files from being publicly available and keep them in the default "dist" folder preconfigured by the CLI.

我可以通过返回PhysicalFileResult ...从授权的控制器加载index.html.

I can load the index.html from an authorized controller by returning a PhysicalFileResult...

public IActionResult Index()
{
    return PhysicalFile(Path.Combine(Directory.GetCurrentDirectory(), "dist", "index.html"),"text/HTML");
}

但是当页面加载时，我在所有bundle.js文件上都得到了404.

But I get 404s on all of the bundle.js files when the page loads.

是否可以通过这种方式为应用提供服务，而无需涉及静态文件中间件或使文件公开可用(最好不必手动为index.html中每个捆绑的js文件更改src)?

Is it possible to serve the app this way without involving the static file middleware or making the files publicly available (preferably without having to manually change the src for each bundled js file in index.html)?

推荐答案

只需将您的授权中间件放在静态中间件之前.

Just place your authorization middleware before the static one.

// has to be first so user gets authenticated before the static middleware is called
app.UseIdentity();

app.Use(async (context, next) => 
{
    // for pathes which begin with "app" check if user is logged in
    if(context.Request.Path.StartsWith("app") && httpContext.User==null)
    {
        // return "Unauthorized"
        context.Response.StatusCode = 401;
        return;
    }

    // If user is logged in, call next middleware
    await next.Invoke();
});

app.UseStaticFiles();

这篇关于wwwroot以外的.NET Core提供HTML文件无法加载JS文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！