MVC网站-如何防止访问静态文件
[英]MVC website - how to prevent access to static files
问题描述
I have a MVC website, without authentication. 
我有一个MVC网站,未经身份验证。 In the website directory I have a folder \\ProjectNotes which contains a file inside, Notes.txt. 在网站目录中,我有一个\\ ProjectNotes文件夹,其中包含一个文件Notes.txt。 Neither this folder nor the text file are a part of the solution, but still get copied up on publish. 该文件夹和文本文件都不是解决方案的一部分,但仍会在发布时被复制。
My problem is that using a web browser anybody can access mysite.com/ProjectNotes/Notes.txt and I cannot prevent it. 我的问题是使用Web浏览器的任何人都可以访问mysite.com/ProjectNotes/Notes.txt,但我无法阻止它。 I have tried adding a specific route to take the user to the error page (no effect) and in the web config I've tried but that didn't work either. 我尝试添加特定的路由以将用户带到错误页面(无效),并且在Web配置中我尝试了但没有用。
How can I prevent access to the Notes.txt file using the MVC framework? 如何防止使用MVC框架访问Notes.txt文件?
1 个解决方案
解决方案1
5 已采纳 2016-04-05 12:27:59
You should use Web.Config file for your case. 您应该为您的案例使用Web.Config文件。 Add to your root Web.Config file into <system.webServer> section: 将您的根Web.Config文件添加到<system.webServer>部分:
<security>
<requestFiltering>
<hiddenSegments>
<add segment="ProjectNotes"/>
</hiddenSegments>
</requestFiltering>
</security>
Actually, your question has nothing with MVC, but with IIS restrictions (Or other web server restrictions but I assume you using IIS) 实际上,您的问题与MVC无关,但与IIS限制无关(或其他Web服务器限制,但我假设您使用IIS)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.