授权 &验证对静态内容的访问 (pdf) [英] Authorize & Authenticate access to static content (pdf)

问题描述

我有一个 asp.net 网络应用，可通过表单身份验证访问.里面的文件夹结构是这样的:-

I have an asp.net web app and accessible with form authentication. Inside the folder structure looks like this:-

\myapp
\document\pdf\hello1.pdf
\document\pdf\hello2.pdf
\document\pdf\hello3.pdf
\document\pdf\hello4.pdf

http://localhost/myapp/document/pdf/hello1.pdf

现在这些 pdf 文件用于应用程序内的锚链接.现在我想强制执行身份验证 &授权限制对这些静态资源的直接访问.如果应用程序外部有访问权限，则应转到登录页面.

Now these pdf files are used in the anchor links within the app. Now i want to enforce the authentication & authorization to restrict the direct access to these static resources. If there is access from outside the app, it should go to the login page.

我无法更改锚标记中文件的路径，因为我在应用程序的许多地方都使用了它.

I cannot change the path of the files in the anchor tags because i used it at many places across the app.

有没有办法处理 web.config ?

Is there a way to do with web.config ?

请提出一些解决方案.

谢谢.

推荐答案

对于 .NET 2.0/3.5/4.0 和 IIS6 我发现以下是强制特定文件夹中的静态文件(例如 .pdf)由.NET:

For .NET 2.0/3.5/4.0 and IIS6 I found that the following was necessary to force static files such as .pdf in a specific folder to be processed by .NET:

1) IIS6 配置:

1) IIS6 configuration:

A.在网站的属性中，转到主目录选项卡，然后单击配置
B.双击现有的应用程序扩展"条目(例如 .ascx)并复制在可执行文件"中找到的路径(此路径将因使用的 .NET 版本而异；因此更容易复制和粘贴)
C.取消添加/编辑应用程序扩展映射的对话框，然后单击添加"以添加新扩展
D.将您在 1B 中复制的路径粘贴到可执行文件"中
E.在扩展名"中放入 .pdf(或其他文件扩展名)
F.根据需要选择所有动词"或限制为"GET等；如果不是服务器上的物理文件，请取消选中验证文件是否存在"
G.在所有对话框上单击确定"

A. In the properties for the website, go to the Home Directory tab and click Configuration
B. Double-click an existing "application extension" entry (such as .ascx) and copy the path found at "Executable" (this path will vary depending on the version of .NET in use; thus it's easier to copy & paste)
C. Cancel the dialog for Add/Edit Application Extension Mapping and click "Add" to add a new extension
D. Paste the path you copied in 1B into "Executable"
E. In "Extension" put .pdf (or other file extension)
F. choose "All verbs" or "Limit to" GET, etc. as needed; un-check "verify if file exists" if not a physical file on the server
G. Click OK on all dialogs

2) web.config 配置:

2) web.config configuration:

A.添加受限目录或文件的位置:

A. add the location for the restricted directory or file:

<location path="your_directory">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
</location>

B.将以下内容添加到 httpHandlers 部分:

B. Add the following to the httpHandlers section:

<add path="*.pdf" verb="*" type="System.Web.StaticFileHandler" validate="true" />

现在 .net 只会将 your_directory 中的 .pdfs 提供给经过身份验证的用户(在我的情况下使用表单身份验证).

Now .net will only serve .pdfs in your_directory to authenticated users (using forms authentication in my case).

这篇关于授权 &验证对静态内容的访问 (pdf)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！