堆栈内存溢出
  简体   繁体   English

Static 文件和 ASP.net 中的身份验证

[英]Static files and authentication in ASP.net

 原文  2009-03-09 13:48:42       c#/ asp.net/ security/ ihttphandler/ ihttpmodule

问题描述

Say I have a virtual folder /topFolder/ in IIS7, and in that folder there can be any file that can be displayed in a browser (xml, html, swf, doc etc - typically "unmanaged" resources from the IIS perspective).假设我在 IIS7 中有一个虚拟文件夹 /topFolder/,并且在该文件夹中可以有任何可以在浏览器中显示的文件(xml、html、swf、doc 等 - 从 IIS 的角度来看通常是“非托管”资源)。 Before giving the request permission to open any file below the folder, I need to check some session variables in order to see if the user has a "license" for the subfolder and file in question.在授予打开文件夹下任何文件的请求权限之前,我需要检查一些 session 变量,以查看用户是否拥有相关子文件夹和文件的“许可证”。

I've tried implementing a module with IHttpModule and IReadOnlySessionState interfaces, but the Session is always null on the AcquireRequestState event when the file is "static" and not IIS managed (like aspx, ashx etc).我已经尝试使用 IHttpModule 和 IReadOnlySessionState 接口实现一个模块,但是当文件是“静态”而不是 Z5DA5ACF461B4EFB27E76EC86100 等时,在 AcquireRequestState 事件中,Session 始终是 null。

If I use a custom HttpHandler, I get the session, but then I also need to implement how the content is sent to response.如果我使用自定义 HttpHandler,我会得到 session,但我还需要实现内容如何发送到响应。 Edit: Since the user isn't downloading the file, I just want IIS to serve the file like it does with its StaticFileModule.编辑:由于用户没有下载文件,我只希望 IIS 像使用 StaticFileModule 一样提供文件。 The Handler/Module should really be a StaticFileModuleWithAuthorizationHook... Handler/Module 应该是一个 StaticFileModuleWithAuthorizationHook...

So I really want to do the following: 1. For request /topFolder/*: check session and licenses etc a) If ok, continue serving file b) If not ok, interrupt request, or just send FORBIDDEN in response.所以我真的想做以下事情: 1. 对于请求 /topFolder/*:检查 session 和许可证等 a) 如果可以,继续提供文件 b) 如果不可以,中断请求,或者只是发送 FORBIDDEN 作为响应。

Hope someone can help.希望有人可以提供帮助。

1 个解决方案

解决方案1
 1  2009-03-09 13:53:39

You should be able to handle this via the httphandler, the simple way is to use the built in methods to send the file down to the user if they have access.您应该能够通过 httphandler 处理此问题,简单的方法是使用内置方法将文件发送给有权访问的用户。

This article (at the bottom) shows an example of how to do this.本文(在底部)展示了如何执行此操作的示例。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 通过 ASP.NET 内核上的身份验证保护 Static 文件 - Protect Static Files with Authentication on ASP.NET Core 忽略ASP.NET Identity中静态文件的身份验证 - Ignore Authentication Validation for static files in ASP.NET Identity 在asp.net core webapi中认证为jwt token时Securite静态文件无法生效 - Securite the static files could not take effect when authentication is jwt token in asp.net core webapi ASP.NET Core上的静态文件 - Static files on asp.net core 在 ASP.NET 上读取静态文件 - Reading static files on ASP.NET 在ASP.NET Core中路由静态文件 - Routing Static Files in ASP.NET Core Asp.Net Core Static 文件 - Asp.Net Core Static Files asp.net 核心不加载静态文件 - asp.net core not loading static files ASP.net身份验证 - ASP.net authentication 在ASP.NET中进行身份验证 - authentication in asp.net
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM