ASP.NET MVC限制特定用户访问文件夹内容 [英] Asp.net mvc restrict specific users to access folder content
问题描述
我正在尝试限制用户(管理员除外)访问我的文件夹图像.例如,路径为:
I am trying to restrict users(except admin) to access my folder images. For example the path is:
~/content/images/coverBeg.jpg
如果用户导航到domain/content/images/coverBeg.jpg
,则可以看到该文件.
我尝试过其他类型的事情,但没有一个对我有用.在Web配置文件中,我添加了:
If the user navigates to domain/content/images/coverBeg.jpg
, he can see the file.
I've tryied different sort of things but none of them worked for me. In web config file i've added :
<location path="~/content/images">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users ="*" />
</authorization>
</system.web>
</location>
没有成功.之后,我将一个Web配置文件添加到images文件夹,并添加以下代码行:
With no success. After that i've added a web config file to images folder and add those lines of code :
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users ="*" />
</authorization>
</system.web>
</configuration>
这都不适合我.仍然每个人都可以访问coverBeg.jpg文件
Neither this worked for me. Still everyone can access coverBeg.jpg file
推荐答案
这是因为静态内容(如图像)直接由IIS提供,而不涉及MVC管道. 要更改此设置,您可以执行以下操作:
It's because static content, like images, are served directly by IIS, not involving MVC pipeline. To change that, you can do the following:
添加
<modules runAllManagedModulesForAllRequests="true">
到站点的web.config的<system.webServer>
部分.它将为每个请求运行MVC管道,包括静态文件-例如css,js和图像.
to <system.webServer>
section of site's web.config. It will run MVC pipeline for every request, including static files - like css, js and images.
然后您从上面进行的配置将起作用(我的意思是您的第二种方法).
Then your config from above will work (I mean your 2nd approach).
这篇关于ASP.NET MVC限制特定用户访问文件夹内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!