问题描述

我想限制使.txt文件不能下载/显示我的web应用程序。
这是不是我可以在我的web.config文件中设置？

I want to restrict my web app so that .txt files can not be downloaded/shown.Is this something I can set up in my web.config file?

我在配置文件中尝试这样做：

I tried this in my config file:

<system.web>
    <httpHandlers>
        <add verb="*" path="*.txt" type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>
</system.web>

...但它没有任何效果。我使用的IIS7和应用是.NET3.5，可能这有什么关系呢？我知道，这实际上对于.NET 1.0 1.1和2.0工作。

...but it had no effect. I am using IIS7 and application is .NET3.5, could this have something to do with it? I know this would actually work for .NEt 1.0 1.1 and 2.0.

我为这个文档中发现（），在要求部分：

I noticed in the documentation for this (add httpHandlers), the Requirements section:

Microsoft Internet信息服务（IIS）5.0版，5.1或6.0结果
  在.NET Framework 1.0版，1.1或2.0结果
  微软的Visual Studio 2003或Visual Studio 2005

...这表明这不是在.NET支持3和IIS7 ...

...which indicates that this is not supported in .NET 3 and IIS7...

哪里是这IIS7规定？

Where is this specified in IIS7?

推荐答案

就如何实现这一目标此MS支持文章请看：的

Take a look at this MS Support article on how to achieve this: HOW TO: Use ASP.NET to Protect File Types.

它必须设置IIS转发这些请求到ASP.NET，然后设置你的web.config阻止的文件类型，如：（注意这适用于您的开发计算机和IIS7前 - 一定要看清如下图）

It involves setting up IIS to forward those requests to ASP.NET and then setting up your web.config to block the desired file types, such as: (nb this works for your dev machine and before IIS7 - be sure to see below)

<system.web>
    <httpHandlers>
        <add verb="*" path="*.ini" type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>
</system.web>

按照 HttpHandlers的元素页，以下扩展名默认情况下，禁止为.NET 2.0（.INI是不是其中之一）：

According to the httpHandlers Element page, the following extensions are forbidden by default as of .NET 2.0 (.ini is not one of them):

*。ASAX，*的.ascx，*的.master，*。皮肤，* .browser，* .sitemap，* .config文件，*的.cs，* .csproj的，*的.vb，* .vbproj，* .webinfo * .licx，*的.resx，*的.resources，* .MDB，* .vjsproj，*的.java，* .jsl，* .LDB，* .dsdgm，* .ssdgm，* .lsad，* .ssmap，* .CD，* .dsprototype，* .lsaprototype，* .sdm，* .sdmDocument，*密度纤维板，* .LDF

*.asax, *.ascx, *.master, *.skin, *.browser, *.sitemap, *.config, *.cs, *.csproj, *.vb, *.vbproj, *.webinfo, *.licx, *.resx, *.resources, *.mdb, *.vjsproj, *.java, *.jsl, *.ldb, *.dsdgm, *.ssdgm, *.lsad, *.ssmap, *.cd, *.dsprototype, *.lsaprototype, *.sdm, *.sdmDocument, *.mdf, *.ldf

编辑：在此之前适用于IIS版本到IIS 7.0。 IIS 7.0中增加了一个额外的操作模式，称为集成模式（默认用于ASP.NET），这需要处理被放置在＆LT; system.webServer＆GT; /＆LT;处理＆GT; 而不是＆LT的;＆的System.Web GT; /＆LT;＆HttpHandlers的GT; 。我说这个页面上一些更多的信息和链接，@敬畏的回答，检查它的更多细节。

this applies to IIS versions prior to IIS 7.0. IIS 7.0 adds an additional operating mode, called Integrated Mode (default for ASP.NET), which requires handlers to be placed in <system.webServer>/<handlers> instead of <system.web>/<httpHandlers>. I added some more info and links to @awe's answer on this page, check it out for more details.

重要！对于IIS 7.0或更高版本

如您需要将编辑指定的＆LT;添加＆gt; 在不同的地方元素的和规则需要一个名字太的 - 如果你不指定一个名称，再启动时，你会得到一个500内部错误

As specified in the edit you need to place the <add> element in a different place and the rule needs a name too - if you dont specify a name you will get a 500 Internal Error when restarting

  <system.webServer>
        <handlers>
            <add name="IgnoreIni" verb="*" path="*.ini" type="System.Web.HttpForbiddenHandler" />
        </handlers>
    </system.webServer>