ASP.NET MVC限制特定用户访问文件夹内容 [英] Asp.net mvc restrict specific users to access folder content

问题描述

我正在尝试限制用户(管理员除外)访问我的文件夹图像.例如，路径为:

I am trying to restrict users(except admin) to access my folder images. For example the path is:

~/content/images/coverBeg.jpg

如果用户导航到domain/content/images/coverBeg.jpg，则可以看到该文件. 我尝试过其他类型的事情，但没有一个对我有用.在Web配置文件中，我添加了:

If the user navigates to domain/content/images/coverBeg.jpg, he can see the file. I've tryied different sort of things but none of them worked for me. In web config file i've added :

    <location path="~/content/images">
    <system.web>
      <authorization>
        <allow roles="Admin"/>
        <deny users ="*" />
      </authorization>
    </system.web>
  </location>

没有成功.之后，我将一个Web配置文件添加到images文件夹，并添加以下代码行:

With no success. After that i've added a web config file to images folder and add those lines of code :

<?xml version="1.0"?>
<configuration>

    <system.web>
      <authorization>
        <allow roles="Admin"/>
        <deny users ="*" />
      </authorization>
    </system.web>

</configuration>

这都不适合我.仍然每个人都可以访问coverBeg.jpg文件

Neither this worked for me. Still everyone can access coverBeg.jpg file

推荐答案

这是因为静态内容(如图像)直接由IIS提供，而不涉及MVC管道. 要更改此设置，您可以执行以下操作:

It's because static content, like images, are served directly by IIS, not involving MVC pipeline. To change that, you can do the following:

添加

<modules runAllManagedModulesForAllRequests="true">

到站点的web.config的<system.webServer>部分.它将为每个请求运行MVC管道，包括静态文件-例如css，js和图像.

to <system.webServer> section of site's web.config. It will run MVC pipeline for every request, including static files - like css, js and images.

然后您从上面进行的配置将起作用(我的意思是您的第二种方法).

Then your config from above will work (I mean your 2nd approach).

这篇关于ASP.NET MVC限制特定用户访问文件夹内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！