保护 MVC 中的文件夹 [英] Protecting folders in MVC
问题描述
我的 Content 文件夹中有一些文件,我不希望用户未经授权就下载这些文件.如何防止用户通过在地址栏中键入 ...Content/{filename} 来访问文件?
I have some files in my Content folder that I don't want a user to be able to download without being authorised. How do I prevent a user from just getting to the file by typing ...Content/{filename} into the address bar?
推荐答案
有几种可能性.第一个是在 web.config 中使用
标签:
There are a couple of possibilities. The first one consists into using the <location>
tag in your web.config:
<location path="Content">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
另一种可能性是将这些文件放在一个没有人可以访问的文件夹中(例如 App_Data 文件夹),然后有一个控制器动作来提供那些将用 [Authorize] 修饰的文件
代码> 属性.
Another possibility is to put those files inside a folder where noone can access (like the App_Data folder for example) and then have a controller action that will serve those files which will be decorated with the [Authorize]
attribute.
这篇关于保护 MVC 中的文件夹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!