问题描述

我有我的网站，其中包含一些文件（通常是HTML）的根目录。这些文件只应为登录用户进行访问。我怎样才能做到这一点？我相信这可以使用模拟来完成，但我没有任何关于我如何才能准确地实现它的想法。能否请你指导我正确的方向？

I have a directory on the root of my website which contains some files(usually html). These files should be accessed only for the logged-in user. How can I achieve this? I believe this could be done using impersonation but I don't have any idea about how exactly I can implement it. Could you please guide me on right direction?

目前，我已经添加了这些设置，我的Web.config文件：

Currently, I have added these settings to my Web.config file:

<location path="TestData"> <!-- 'TestData' is the directory which I want to deny access for -->
    <system.web>
        <identity impersonate="true"/>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</location>

这有什么，我在编码呢？

Is there anything that I have to do in coding?

PS：这是一个Web服务应用程序

PS: This is a webservice application.

更新：它的工作原理部分！要具体：
它否认只有的.aspx 页面，甚至登录的用户也无法访问这些文件。

Update: It works partially!!! to be specific:It denies only the .aspx pages and even the logged-in user too cannot access the files.

我用窗口认证。

推荐答案

您不需要进行模拟。如果你有表单或Windows身份验证，你的＆LT;？拒绝用户= /＆GT; 将拒绝所有匿名用户。要回答你的问题：不，你没有明确拒绝你的code中的任何用户

You don't need to impersonate. If you have forms or windows authentication, your <deny users="?"/> will deny all anonymous users. To answer your question: no, you don't have to explicitly deny any users within your code.

为了确保non-ASP.NET文件，你需要注册一个的HttpHandler 将做到这一点。请参阅

In order to secure non-ASP.NET files, you will need to register an HttpHandler that will do this. Please see this reference on how to register the handler.

这篇关于ASP.Net目录安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！