asp.net MVC安全根文件夹仅适用于授权用户 [英] asp.net MVC secure root folder only for authorized users
问题描述
我有一个小型的Extranet服务,用户可以在其中登录,获取各种信息并下载少量文件.
I am having this small extranet service where users can log in, get all sorts of info and download few files.
是否可以在MVC asp.net项目中保护根文件夹?我有一个项目,用户必须先登录才能使用任何材料.如果我对每个pdf,jpg等文件都使用"/material"文件夹,那么其他未经授权的用户也可以看到这些文件.
Is it possible to secure root folder in MVC asp.net project? I am having a project where users have to log in before using any material. How ever if I use for example "/material" folder for every pdf, jpg, etc. files, other unauthorized users can see those files also.
例如,如果每个人都输入www.example.com/material/pdf-file.pdf,则每个人都可以看到此文件,因此,我只希望授权/登录的用户看到此文件.这可能吗?
For example everybody can see this file if they type www.example.com/material/pdf-file.pdf So I want only authorized / logged users to see this file. Is this possible?
推荐答案
可以这样做,但是有很多方法可以实现.
It's possible to do that, but there are a lot ways to accomplish that.
一种简化的情况可能是:
A simplified scenario could be:
- 在IIS上禁用目录列表
- 创建自定义的下载包装"控制器+操作,以提供这些文件.
- 然后,无论您在哪里创建操作链接,都可以使用
- 在包装器"控制器上,您可以使用 FluentSecurity 处理授权.
- Disable directory listing on IIS
- Create a custom "download wrapper" controller+action for the purpose of serving of those files.
- Then wherever you create Action links, generate them using a
HtmlHelperwhich would redirect the client to the "wrapper" controllers action. You can pass the filename in a parameter. - On the "wrapper" controller you could utize the
[Authorize]attribute or better yet, without using such attributes everywhere you could use FluentSecurity for handling the authorization.
创建包装器"控制器后,用于获取文件的URL看起来像:
After you create the "wrapper" controller your URL for getting a file could look like:
www.example.com/下载/文件/pdf-file.pdf
www.example.com/download/file/pdf-file.pdf
此示例URL假定 controller 名称为'download',而 action 名称为'file'.
This example URL assumes controller name is 'download' and action name is 'file'.
这篇关于asp.net MVC安全根文件夹仅适用于授权用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
