如何存储机密PDF文档(文件系统与SQL),如果我们只使用窗体身份验证 [英] How to store confidential PDF documents (file system vs. SQL) if we only use forms authentication
问题描述
因此,这里是我的处境。我们有一个web应用程序处理的案件管理。对于每一种情况下,通常有几个PDF文档。我公司previously存储在一个标准的文件柜这些文件。当我们不得不寻找一个情况下,我们会去到Web应用程序,找到案件的资料,然后去档案柜这使事情伤透了脑筋。我想开发一种方法,使用户可以通过上传的Web应用程序的文件,并将它们连接在一起,这样,当你找到它的Web应用程序,你可以点击一个链接,以获得相关文件。
So here's my situation. We have a web app that handles case management. For each case, there are typically several PDF documents. My company previously stored these documents in a standard filing cabinet. This made things a headache when we had to look up a case as we'd go to the web app, find the case information, then go to the filing cabinet. I want to develop a method so that users can upload the documents via the web app and link them together, so that when you find it on the web app you can just click a link to get the associated files.
在Web应用程序中,我们使用窗体身份验证。对于每一个ASPX页面,我检查的cookie,如果存在的话,他们是好去。否则,他们重定向到登录页面。
On the web app, we utilize forms authentication. For each ASPX page, I check for the cookie and if one exists they're good to go. Otherwise, they're redirected to the login page.
不过,我现在已经打了一个路障。我打算只上传PDF文件到服务器并创建案件表中的列,将返回在文件服务器上的链接文件。那么问题是,如果用户没有登录(或他们已经离开公司),他们只是复制并粘贴链接到地址栏和BAM他们现在有机会获得这种情况下的文件信息。这不可能发生。
However, I've now hit a roadblock. I was planning on just uploading the PDFs to the server and create a column in the Cases table that would return the link to the document on the file server. The issue then, is if the user isn't logged in (or they've left the company) and they just copy and paste the link into the address bar and BAM they now have access to that case's file information. This cannot happen.
其他解决方案只是存储在SQL Server 2008 R2中的文件。不过,我读了很多的性能问题等方面的信息所以,我不能完全肯定,如果这是最好的解决方案。目前,它是唯一一个。
The other solution is just storing the files in SQL Server 2008 R2. However, I've read a lot of information about performance issues, etc. So, I'm not entirely sure if that's the best solution. Currently it's the only one.
如果任何人有一些想法,以我能怎么回事处理这种情况,我将不胜AP preciate任何和所有的反馈。
If anyone has some thoughts as to how else I could handle this scenario, I would greatly appreciate any and all feedback.
谢谢,
安德鲁
Thanks, Andrew
推荐答案
您是真正处理两个不同的问题在这里:该文件的文件存储系统和安全
You are really dealing with two different issues here: storage system for the documents and security for the documents.
在存储地点方面,你可以直接在文件系统中存储它们或使用SQL 2008的FILESTREAM功能保存。
In terms of storage location, you can store them directly in the file system or store them using SQL 2008's FileStream feature.
在确保他们而言,我会去类似于弗洛伊德式错误暗示什么。有,你传递给它的文件名(或其他一些重要的,如ID,如果在SQL Server将其存储)页面,并让该页面验证用户的权限,读取该文件,并将其推回响应流。
In terms of securing them, I would go with something similar to what FreudianSlip suggested. Have a page where you pass it the document name (or some other key, such as the ID if storing it in SQL Server), and have that page verify the user's authorization, read the file, and push it back in the response stream.
不管是什么,我会建议您更新的web.config实际使用窗体身份验证和授权,所以你不需要每次都明确检查的cookie。它将由asp.net平台进行处理。
No matter what, I would recommend updating your web.config to use actual Forms Authentication and authorization so you don't need to explicitly check the cookie each time. It will be handled by the asp.net platform.
这篇关于如何存储机密PDF文档(文件系统与SQL),如果我们只使用窗体身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
