如何阻止用户如果没有登录不了文件 [英] how to stop user not get files if not login

问题描述

我正在开发的网站有哪些被放置在文件夹中，也给用户提供这些文件的链接，使他们能够下载这些文件的一些文件，我只是允许经过身份验证的用户不是所有的，但是，如果有，谁知道任何用户文件的链接，直接将其放在地址栏，并得到该文件，任何人都可以告诉我，我怎么可以确保该文件只能由授权用户并不是所有的用户下载。

i am developing website there some files which are placed in folder and also provided the links of those files for user so that they can download those files, i am just allowing authenticated user not all but as if there is any user who know the link of file directly put it in address bar and get that file, can anyone tell me that how i can make sure that the file downloaded only by the authenticated user not all users.

推荐答案

您不应该显示直接链接到该文件，则768,16创造这样的代理（我想HTTP处理程序非常适合这一点）。在处理您768,16检查用户authentificated（可能是检查从会话一定的价值），如果是的话不是返回文件，否则返回未找到或别的东西。结果
所以，网址，所有文件都将是这样的：

You should not show direct link to the file, you shoud create something like proxy(i suppose http handler good fit for that). In handler you shoud check that user authentificated(probably check some value from the session), if so than return file, otherwise return not found or something else.
So urls for all files will looks like this:

http://localhost/filesHandler.ashx?file=pathToFile

这篇关于如何阻止用户如果没有登录不了文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！