限制下载 Web.Config 中的一般文件
[英]Restrict download for general files in Web.Config
问题描述
I need to restrict client access to some specific files.
我需要限制客户端对某些特定文件的访问。 I would like to do it in my web.config instead of relying on who manages the IIS.我想在我的 web.config 中执行此操作,而不是依赖于管理 IIS 的人员。
I know it is possible to restrict access to file types (for example, all XML files), as seen here: How to restrict download of specified file types我知道可以限制对文件类型(例如,所有 XML 文件)的访问,如下所示: 如何限制指定文件类型的下载
However, how to specify exact file(s)?但是,如何指定确切的文件? For example, I would need to block direct access to the file at ~/test/mytest.xml Keep in mind that another copy of this file, located at ~/secondtest/mytest.xml should still be available to the client.例如,我需要阻止直接访问 ~/test/mytest.xml 中的文件 请记住,位于 ~/secondtest/mytest.xml 的此文件的另一个副本应该仍然可供客户端使用。
The only option is in IIS?唯一的选择是在 IIS 中? I can't control it in the web.config?我无法在 web.config 中控制它?
Thanks!谢谢!
2 个解决方案
解决方案1
5 已采纳 2015-01-14 15:52:51
You can directly specify the file name like following in web.config.您可以在 web.config 中直接指定文件名,如下所示。
<system.web>
<httpHandlers>
<add path="test/mytest.xml" verb="*" type="System.Web.HttpForbiddenHandler"/>
</httpHandlers>
</system.web>
For IIS7 onwards use following.对于 IIS7 以后使用以下。
<system.webServer>
<handlers>
<add path="test/mytest.xml" verb="*" type="System.Web.HttpForbiddenHandler" name="XML"/>
</handlers>
</system.webServer>
解决方案2
0 2015-01-14 16:26:07
You can restrict access from logged in, anon, specific roles, etc to paths and/or files in your web.config as such:您可以限制登录、匿名、特定角色等对 web.config 中的路径和/或文件的访问,如下所示:
<location path="filename or path">
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>
You might also need to put the following in your config:您可能还需要将以下内容放入您的配置中:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.