堆栈内存溢出
  简体   繁体   English

如何保护ASP.Net中上传的文件

[英]How to secure uploaded files in ASP.Net

 原文  2014-09-16 10:35:18       c#/ asp.net

问题描述

I am uploading documents such as excel, pdf, word, ppt in asp.net. 我正在asp.net中上传excel,pdf,word,ppt等文档。 How can I make it secure. 如何确保它的安全性。

Suppose I have a website www.example.com and I have uploaded docs in "Files" folder in root directory. 假设我有一个网站www.example.com,并且我已将文档上载到根目录的“文件”文件夹中。 the name of a file I have uploaded is 3828392839.pdf and if enter "www.example.com/Files/3828392839.pdf" url in address bar then it allows to open and download docs. 我上传的文件名称为3828392839.pdf,如果在地址栏中输入“ www.example.com/Files/3828392839.pdf”URL,则可以打开和下载文档。 I need If there is a valid logged in user then it allows to open or download the files. 我需要如果有一个有效的登录用户,则可以打开或下载文件。

5 个解决方案

解决方案1
 1  2014-09-16 10:39:28

You will have to create valid folder structure for this purpose while saving the file. 为此,您必须在保存文件的同时创建有效的文件夹结构。

Eg. 例如。 If user with userID 20052 logged in and uploads the file. 如果用户ID为20052的用户已登录并上传文件。 Then file path should be: 然后文件路径应为: 

Files/20052/3828392839.pdf

Here i have created foldername same as userid to save the uploaded file. 在这里,我创建了与userid相同的foldername来保存上载的文件。

While opening the file you will have to compare the foldername ie 20052 and loggedin userid . 打开文件时,您将必须比较文件夹foldername即20052和已登录的userid

If they are same then allow to download the file. 如果它们相同,则允许download文件。

解决方案2
 0  2014-09-16 10:40:37

You should implement proper authentication and authorization in asp.net site for your requirement. 您应该根据需要在asp.net网站中实施适当的身份验证和授权。

To learn more go through this links 要了解更多信息,请通过此链接

解决方案3
 0  2014-09-16 10:42:10

Pretty simple. 很简单 Create a normal ASP.NET page. 创建一个普通的ASP.NET页。 Do your authetnication however you want to do that, if they pass authentication, send the file to the response as described here... 进行身份验证,但是您想要这样做,如果他们通过了身份验证,则按照此处所述将文件发送到响应...

How to send file in HttpResponse? 如何在HttpResponse中发送文件?

Alternatively if they do not pass authentication, don't send the file instead respond with some html like "Access Denied" 或者,如果他们未通过身份验证,则不要发送文件,而是使用诸如“访问被拒绝”之类的html响应

解决方案4
 0  2014-09-16 10:50:11

You can secure this by creating permissions to documents folder. 您可以通过创建documents文件夹的权限来保护此安全。 This means you need permission to upload files and to download as well. 这意味着您需要具有上传和下载文件的权限。

For Simple windows authentication: Create reader and writer roles as local user/group. 对于简单Windows身份验证:将读取者和写入者角色创建为本地用户/组。 For Basic Authentication: Best is to use database authentication for roles. 对于基本身份验证:最好是对角色使用数据库身份验证。

You need to check IIS apppool is configured correctly if you are using IIS7.0 如果使用的是IIS7.0,则需要检查IIS apppool的配置是否正确

解决方案5
 0  2014-09-16 10:55:29

If your are using IIS 7+ see this question : How do I protect static files with ASP.NET form authentication on IIS 7.5? 如果您使用的是IIS 7+,请参阅以下问题: 如何在IIS 7.5上使用ASP.NET表单身份验证保护静态文件? .

For IIS 6 you can put the files in app_data folder and you need to make a handler to serve the files . 对于IIS 6,可以将文件放在app_data文件夹中,并且需要使处理程序为文件提供服务。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 ASP.Net MVC 中验证上传的文件 - How to validate uploaded files in ASP.Net MVC 如何重命名上传的文件 asp.net core mvc - How to rename uploaded files asp.net core mvc ASP.NET core 2.0 中如何处理上传的文件 - How to process uploaded files in ASP.NET core 2.0 ASP.net FileUpload会破坏上传的文件 - ASP.net FileUpload corrupts uploaded files 在ASP.NET中重命名并发上载的文件 - Renaming concurrent uploaded files in ASP.NET 如何保护 ASP.NET Core 中的健康检查? - How to secure healtchecks in ASP.NET Core? 这个ASP.Net身份验证模型的安全性如何? - How secure is this ASP.Net authentication model? 如何使用角色保护ASP.Net中的网页? - How to secure webpages in ASP.Net with roles? 如何在ASP.NET中保护AJAX请求? - How to secure AJAX request in ASP.NET? 是否可以将上传的文件保存在 ~/Content 中? (ASP.NET MVC2) - Is it possible to save uploaded files in ~/Content? (ASP.NET MVC2)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM