本文介绍了如何防止匿名用户使用表单身份验证访问文件?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们正在使用表单身份验证来对用户进行身份验证.在我们的应用程序中,有一个页面可以下载exe.

We are using forms authentication to authenticate users. In our application there is a page to download an exe.

当我在Visual Studio中调试代码时,它仅允许登录用户下载文件.当其他用户尝试下载文件时,他们会自动重定向到登录页面.

When I am debugging the code in visual studio, it allows only logged-in users to download the file. When other users try to download the file, they are automatically redirected to the login page.

但是,当我从虚拟目录运行此文件时,所有用户(无论是否已登录)都可以通过访问直接路径(例如 http://testappln/foldername/test.exe .

But when I am running this from a virtual directory, all users (whether logged-in or not) can download the file by accessing the direct path like http://testappln/foldername/test.exe.

在这种情况下如何防止未经授权的用户访问?

How to prevent accessing of unauthorized users in this situation?

推荐答案

一种可能性是将文件放入禁止直接访问的 App_Data 文件夹中,然后使用通用的ASHX处理程序进行读取文件的内容,并将其返回给客户端.然后,您可以只允许经过身份验证的用户访问此通用处理程序:

One possibility is to put the file inside the App_Data folder which is forbidden direct access to and then have a generic ASHX handler to read the contents of the file and return it to the client. Then you could restrict the access to this generic handler to only authenticated users:

<%@ WebHandler Language="C#" Class="Download" %>

using System;
using System.Web;

public class Download : IHttpHandler
{
    public void ProcessRequest (HttpContext context)
    {
        context.Response.ContentType = "application/octet-stream";
        context.Response.WriteFile("~/App_Data/test.exe");
    }

    public bool IsReusable
    {
        get
        {
            return false;
        }
    }
}

,并在您的web.config中,限制对 Download.ashx 处理程序的访问:

and in your web.config you restrict the access to the Download.ashx handler:

<location path="Download.ashx">
    <system.web>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</location>

这篇关于如何防止匿名用户使用表单身份验证访问文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

05-27 02:01
查看更多