保护 MVC 中的文件夹 [英] Protecting folders in MVC

问题描述

我的 Content 文件夹中有一些文件，我不希望用户未经授权就下载这些文件.如何防止用户通过在地址栏中键入 ...Content/{filename} 来访问文件?

I have some files in my Content folder that I don't want a user to be able to download without being authorised. How do I prevent a user from just getting to the file by typing ...Content/{filename} into the address bar?

推荐答案

有几种可能性.第一个是在 web.config 中使用 标签:

There are a couple of possibilities. The first one consists into using the <location> tag in your web.config:

<location path="Content">
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</location>

另一种可能性是将这些文件放在一个没有人可以访问的文件夹中(例如 App_Data 文件夹)，然后有一个控制器动作来提供那些将用 [Authorize] 修饰的文件代码> 属性.

Another possibility is to put those files inside a folder where noone can access (like the App_Data folder for example) and then have a controller action that will serve those files which will be decorated with the [Authorize] attribute.

这篇关于保护 MVC 中的文件夹的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！