如何使一个.html文件通过HTTP访问，但只能通过一个重定向？ [英] How to make a .html file accessible through HTTP but only through a redirect?

问题描述

我们有我们的服务器上的文件，通过URL的直接访问，但在这一点上是一个安全问题。

We have a file on our server that's accessible directly through the URL, but it's a security issue at this point.

我们的系统会打开一个弹出窗口中的文件，但您也可以直接直接前往其URL获得的网页。

Our system opens the file in a pop-up window, but you can also get directly to the page by navigating directly to its URL.

怎能prevent这一点，并只允许通过重定向访问文件？

How can we prevent this and only allow access to the file through a redirect?

推荐答案

设置打开的弹出页面上的会话变量：

Set a Session variable on the page that opens the popup:

Session["MainPageVisited"] = true;

和弹出页面上查询该值：

And on the popup page check this value:

if (Session["MainPageVisited"] == null || !Session["MainPageVisited"]) 
{
  Response.Redirect("http://www.example.com/", true);
}

有关此解决方案的工作，你的 HTML 文件将需要担当了 ASPX 。另外，如果你需要它，你可以创建一个HTTP模块的实际 HTML ：

For this solution to work your html file will need to be served as an aspx. Alternatively, you could create a HTTP Module if you need it to be an actual html:

using System;
using System.Web;
public class HelloWorldModule : IHttpModule
{
    public HelloWorldModule()
    {
    }

    public String ModuleName
    {
        get { return "HelloWorldModule"; }
    }

    // In the Init function, register for HttpApplication 
    // events by adding your handlers.
    public void Init(HttpApplication application)
    {
        application.BeginRequest += 
            (new EventHandler(this.Application_BeginRequest));
    }

    private void Application_BeginRequest(Object source, 
         EventArgs e)
    {
    // Create HttpApplication and HttpContext objects to access
    // request and response properties.
        HttpApplication application = (HttpApplication)source;
        HttpContext context = application.Context;
        string filePath = context.Request.FilePath;
        string fileExtension = 
            VirtualPathUtility.GetExtension(filePath);
        if (fileExtension.Equals(".html"))
        {
            if (Session["MainPageVisited"] == null || !Session["MainPageVisited"]) 
            {
              // Handle it
            }
        }
    }

    public void Dispose() { }
}

要注册模块IIS 6.0和IIS 7.0在经典模式下运行

<configuration>
  <system.web>
    <httpModules>
      <add name="HelloWorldModule" type="HelloWorldModule"/>
     </httpModules>
  </system.web>
</configuration>

要注册为IIS 7.0模块中集成模式下运行

<configuration>
  <system.webServer>
    <modules>
      <add name="HelloWorldModule" type="HelloWorldModule"/>
    </modules>
  </system.webServer>
</configuration>

请注意，这是没有测试创建，但它应该把你在正确的轨道上。确保所有请求都通过ASP.NET映射这个工作（集成模式或将通配符应用程序映射）。

Note, this was created without testing but it should put you on the right track. Make sure that all requests are mapped through ASP.NET for this to work (Integrated mode or set wildcard application mappings).

这篇关于如何使一个.html文件通过HTTP访问，但只能通过一个重定向？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！