在网络服务器 ASP Net Core/Angular 上保存私人图像的最佳实践
[英]Best practice to save private images on a webserver ASP Net Core/Angular
问题描述
In my Angular app users can register/logged in and upload private images.
在我的 Angular 应用程序中,用户可以注册/登录并上传私人图像。 This images are shown immediately in the formular after the upload.上传后,此图像会立即显示在公式中。 At the moment the images a stored in folder目前存储在文件夹中的图像
string imageDictionary = $"{_HostingEnvironment.WebRootPath}\\\\{User.Identity.Name}\\\\UploadFiles\\\\";
The folder and image name is stored in the database.文件夹和图像名称存储在数据库中。
What is the best way to make sure that the images can only be access by the user how are logged in?确保图像只能由用户访问的最佳方法是什么? At the moment is it possible to call the image if the link are known.如果知道链接,目前可以调用图像。
Is it enough if I disable directory browsing and give the image a random created name?如果我禁用目录浏览并为图像随机创建一个名称就足够了吗?
I use for backend ASP Net Core and for frontend Angular version 7.我用于后端 ASP Net Core 和前端 Angular 版本 7。
1 个解决方案
解决方案1
0 2019-12-10 10:20:39
I would recommend you use Azure Blob storage since already have security protection我建议您使用 Azure Blob 存储,因为已经有了安全保护
If you want to store your file in wwwroot folder you need to add middleware to check for user permission before you let them see the file because wwwroot folder is a public folder which everyone can access如果要将文件存储在 wwwroot 文件夹中,则需要添加中间件以检查用户权限,然后再让他们查看该文件,因为 wwwroot 文件夹是每个人都可以访问的公共文件夹
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.