IIS虚拟文件夹URL加密
[英]IIS Virtual Folder URL encryption
问题描述
We have ac# asp.net web application that, amongst other things, allows users to download previously uploaded files such as PDF's, Word docs etc. The asp.net app is served up via an IIS6 server and the file resources live on a different server. 
我们有ac#asp.net web应用程序,除其他外,允许用户下载以前上传的文件,如PDF,Word文档等.asp.net应用程序通过IIS6服务器提供,文件资源生活在不同的服务器。
When the user requests a file (ie click a button on the web form), we stream the file back to their browser, changing the ContentType appropriately. 当用户请求文件(即单击Web表单上的按钮)时,我们将文件流回其浏览器,并相应地更改ContentType。
This seemed a good way to avoid going down the IIS virtual folder route to serve up the file resources - which we had concerns about due to the potential for users to hack the URL. 这似乎是避免沿着IIS虚拟文件夹路由提供文件资源的好方法 - 由于用户可能会破解URL,我们担心这一点。 ie with a URL like https://mydomain/myresource/clientid/myreport.docx , a savvy user could have a good stab at guessing alternative cvlientid's and document names. 即使用像https://mydomain/myresource/clientid/myreport.docx这样的URL,一个精明的用户可以很好地猜测替代cvlientid和文档名称。
The trouble with streaming a Word document to the browser is that when the browser throws it at Word, Word treats it as a brand new doc, which means the original document's properties & margin info is lost. 将Word文档流式传输到浏览器的麻烦在于,当浏览器将其投放到Word时,Word会将其视为全新的文档,这意味着原始文档的属性和边距信息将丢失。
Our users store metadata information in the Word doc properties, so this solution is not acceptable to them. 我们的用户将元数据信息存储在Word文档属性中,因此他们不接受此解决方案。
Serving up via IIS virtual folders solves that problem, but introduces the URL security problem. 通过IIS虚拟文件夹提供服务解决了这个问题,但引入了URL安全问题。
So my questions are ... 所以我的问题是......
Does anyone know how we can use URL encryption/decryption (or obfuscation) with IIS Virtual folders? 有谁知道我们如何使用IIS虚拟文件夹进行URL加密/解密(或混淆)?
Or does anyone know of any open source projects that do a similar job. 或者有人知道任何做类似工作的开源项目。
Or does anyone have any sugestions on how to go about writing our own implementation of Virtual folders but with encrypted URLs? 或者是否有人对如何编写我们自己的虚拟文件夹实现但使用加密URL有任何兴趣?
Many thanks in advance. 提前谢谢了。
ps. PS。 our web app is delivered over https 我们的网络应用程序通过https提供
2 个解决方案
解决方案1
0 2010-02-25 16:34:59
Sorry guys, in my question, I have made some incorrect assumptions. 对不起,伙计们,在我的问题中,我做了一些不正确的假设。
What am I trying to do is persist the properties stored on a word document when they are delivered from server (using either Response.TransmitFile or via a virtual folder) to a client browser. 我想要做的是,当从服务器(使用Response.TransmitFile或通过虚拟文件夹)将文档存储在客户端浏览器上时,它们会保留存储在word文档中的属性。
I set up a test scenario with an IIS virtual folder and dropped a docx file (that I know contains info in the title & subject properties) in my virtual folder's physical path. 我设置了一个带有IIS虚拟文件夹的测试场景,并在我的虚拟文件夹的物理路径中删除了一个docx文件(我知道它包含标题和主题属性中的信息)。
I pointed my browser at the virtual folder alias and the browser popped up its message to either open or save the doc. 我将浏览器指向虚拟文件夹别名,浏览器弹出其消息以打开或保存文档。
If I choose to save it, the saved docx still has the properties intact. 如果我选择保存它,保存的docx仍然具有完整的属性。
If I choose to open it fist and then save it from Word, the saved docx has lost the properties. 如果我选择打开它然后从Word保存它,保存的docx已丢失属性。
So I think I need to post a different question! 所以我想我需要发一个不同的问题!
解决方案2
0 2010-04-19 20:42:15
You may find that the ClaimsAuthorizationManager class in "Windows Identity Foundation" does what you want. 您可能会发现“Windows Identity Foundation”中的ClaimsAuthorizationManager类执行您想要的操作。 You get to implement whatever logic you like to determine who can download what without using "directory security". 您可以实现您喜欢的任何逻辑,以确定谁可以在不使用“目录安全性”的情况下下载内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.