Secured path/folder in web.config

I created a secure path in my web application.

As mentioned in this link: http://msdn.microsoft.com/en-us/library/ff648341.aspx

When I use the config below to secure my files:

<location path="Secure">
    <system.web>
      <customErrors mode="RemoteOnly" redirectMode="ResponseRewrite" defaultRedirect="error.html">
      </customErrors>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

The files below are not accessible without login:

my host link /secure/xyz/01.doc    
my host link /secure/xyz/01.docx    
my host link /secure/xyz/01.xls    
my host link /secure/xyz/01.xlsx

But the files below are still accessible without login:

my host link /secure/xyz/01.pdf    
my host link /secure/xyz/01.txt    
my host link /secure/xyz/01.png

Any idea about such behaviour? Why are files other than Office documents still accessible? I need to secure them.

While your web.config secured your web pages and certain files, the PDFs, like many other static files, are being served up directly by IIS.

You can force these other static files to go through the ASP.NET pipeline by adding StaticFileHandler entries in your web.config, in the handlers section.

<system.webServer>
  <handlers>
    <add name="PDFHandler" type="System.Web.StaticFileHandler" path="*.pdf" verb="GET"  />
    <add name="PNGHandler" type="System.Web.StaticFileHandler" path="*.png" verb="GET"  />
    <add name="TXTHandler" type="System.Web.StaticFileHandler" path="*.txt" verb="GET"  />
  </handlers>
</system.webServer>

I would guess, though, that you already have something similar to this for your other Office document types, either in the web.config or in IIS.

Got the solution.

After login, when clicking to download a file with the format .pdf, .png or .txt,
the browser didn't download it, but showed it in the same tab
(and the browser cached it, I think so... Correct me if I am wrong!!!).
In the case of .doc and .xls it opens the dialog to download (without caching).

After logout, on browsing the download link of a .pdf, .png or .txt file,
it opens it / loads it from cache.
On the other hand, browsing to a .doc or .xls file redirects me to login.
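
A server-side way to confirm which file types are still handed out without a logged-in user, as an added example that is not part of the original posts: it reads an IIS W3C log and lists requests under the protected folder that returned content (200/206/304) with no user name. It assumes W3C logging with the cs-username field enabled, that authenticated requests are logged with a user name, and the /secure/ prefix; the log lines are constructed sample data.

```python
import os

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-01-10 09:00:01 GET /secure/xyz/01.doc - 203.0.113.7 302
2024-01-10 09:00:05 GET /secure/xyz/01.pdf - 203.0.113.7 200
2024-01-10 09:00:09 GET /secure/xyz/01.png - 203.0.113.7 304
2024-01-10 09:01:12 GET /secure/xyz/01.xls alice 198.51.100.4 200
2024-01-10 09:01:30 GET /public/logo.png - 203.0.113.7 200
2024-01-10 09:02:00 GET /Secure/xyz/01.txt - 203.0.113.9 200
"""

# Status codes that mean the client received (or may reuse) the file body.
SERVED = {"200", "206", "304"}


def anonymous_hits(log_text, protected_prefix="/secure/"):
    """Return (uri, status) for requests under protected_prefix that were
    answered with content while cs-username was '-' (no authenticated user)."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        uri = row.get("cs-uri-stem", "")
        # IIS paths are case-insensitive: "Secure" in web.config, "/secure/" in URLs.
        if not uri.lower().startswith(protected_prefix.lower()):
            continue
        if row.get("cs-username") == "-" and row.get("sc-status") in SERVED:
            hits.append((uri, int(row["sc-status"])))
    return hits


def unprotected_extensions(hits):
    """Extensions seen in the hits: candidates for StaticFileHandler entries."""
    return sorted({os.path.splitext(uri)[1].lower() for uri, _ in hits})


if __name__ == "__main__":
    found = anonymous_hits(SAMPLE_LOG)
    for uri, status in found:
        print(status, uri)
    print("served without a user:", unprotected_extensions(found))
```

A file the browser replays purely from its local cache after logout never reaches the server, so it will not appear in this log at all; only revalidation requests (304) do.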
