没有aspx页面的目录中的web.config
[英]web.config in directory with no aspx pages
问题描述
I have a directory where I am placing PDF files that are generated by my application. 
我有一个目录,用于放置由应用程序生成的PDF文件。 The issue is that since there are no aspx pages, the security in the web.config is not preventing direct navigation to those pdf's. 问题在于,由于没有aspx页面,因此web.config中的安全性不会阻止直接导航到这些pdf。 Granted, the information is public, I just dont want someone to be able to go straight to them for a variety of reasons. 当然,信息是公开的,我只是不希望出于各种原因有人可以直接向他们寻求帮助。
So the question is, how do I prevent access to that directory in a web.config file? 所以问题是,如何防止访问web.config文件中的该目录? here is what I have: 这是我所拥有的:
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<authorization>
<allow roles="role1" />
<allow roles="role2" />
<allow roles="role3" />
<allow roles="role4" />
<deny users="*" />
</authorization>
</system.web>
1 个解决方案
解决方案1
1 2009-11-19 14:27:10
You should be using an HttpHandler to accomplish file security you can map extensions through IIS and use these to handle mappings of each particular file type (ie: pdf, doc, exe, etc...) 您应该使用HttpHandler来实现文件安全性,您可以通过IIS映射扩展名,并使用这些扩展名来处理每种特定文件类型(例如pdf,doc,exe等)的映射。
Here is a link describing it... 这是描述它的链接...
http://www.15seconds.com/Issue/020417.htm http://www.15seconds.com/Issue/020417.htm
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.