在ASP.NET Web应用程序的授权文件访问 [英] Authorized File access in ASP.NET Web Application
问题描述
能否有人请你帮我弄这个想法?我有,我想在网站目录访问文件做授权的C#应用程序的网站
Can some one please help me to get an idea on this? I have a C# website application in which I want to do authorization for accessing the documents in website directory.
如果为一个文件的用户请求通过我的网站, HTTP链接PDF说:// WWW .mywebapp.com /文件/的test.pdf ,在浏览器中打开中的test.pdf之前,其实我是想验证用户被授权访问基于角色,他得到了PDF格式。我已经启用窗体身份验证在IIS中的文件夹文件,并系统重定向,如果用户没有通过验证登录页面。我都与不错,但坚持了授权。
If user requests for a document say pdf through a link in my website, http://www.mywebapp.com/documents/test.pdf , before opening the test.pdf in browser, I actually want to verify the user is authorized to access the pdf based on role he got. I have enabled forms authentication for the folder "documents" in IIS and system is redirecting to login page if user is not authenticated. I'm all good with that, but stuck with authorization.
,因为它会为不同用户的不同,我不能设置在web.config中的角色。用户角色存储在的HttpCookie为特定用户。
I can't set the roles in web.config since it would different for different users. User role is stored in httpcookie for that particular user.
在我的文档文件夹中会有针对不同的角色不同的文档。
And in my documents folder there would be different documents targeted for different roles.
为说叫角色供应商的test.pdf。因此,只有供应商可以访问此PDF
Say test.pdf for role called vendor. So only vendors can access this pdf
另一份文件form.pdf的角色只供应商 - 用户角色的供应商可以看到这个PDF文件。
Another document form.pdf for role supplier- only users with role supplier can see this pdf .
我应该写一些处理程序加载在浏览器中的PDF之前执行?
或当过请求当属/文件/我应该有一个URL重写执行一个aspx页面来验证授权,如果授权显示的页面?
Should I write some handler to execute before loading the pdf in browser? Or when ever requests comes as /documents/ should I have a URL rewrite to execute an aspx page to verify the authorization and if authorized display the page?
任何人可以帮我获得关于如何执行此授权的想法。
Can anybody please help me to get an idea on how to implement this authorization.
鸭preciate您的帮助!
Appreciate your help!
谢谢,
KK
Thanks, KK
推荐答案
看起来像你的问题是我怎么能在我的网页检查cookie值,并与正确的文档类型返回一个文件的流时,cookie是OK。
Looks like your question is "how I can check cookie value on my page and return stream of a file with correct document type when cookie is ok".
- 确保你正在处理所有请求(更容易使用MVC比的WinForms做的,但有可能在以后的太)
- 读取和验证的cookie
- 如果返回文件检查通过后,不要忘记设置内容diposition和内容类型标头。文件再次导致MVC是更容易使用...确保如果使用模拟读下正确的帐户文件内容。
这篇关于在ASP.NET Web应用程序的授权文件访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
