
Restrict unauthorized access to file download using handler

I am working on a website where the images and other files are handled by a handler named resources.ashx. These files are not stored in any folder but are fetched from the database.

The problem is that access to some of the files is restricted, whereas some images and files are open to all.

Let's say the path to one of the restricted images is:

../website/resources.ashx/restrictedimage.jpg

If an unauthenticated user types in this URL, he will have access to the image straight away. I want to restrict that.

PS: I can't change the handler as I am referencing it from some other project.

Maybe an HttpModule can help you out. Handle the AuthenticateRequest event, parse/compare requested URL and users/roles.

You can use authorization rules in your web.config to control access to the files (i.e. URLs) of your choosing based on user/group membership. See: using multiple authorization elements in web.config
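
One way to implement the HttpModule suggestion without touching the handler, as an added example that is not part of the original question or answers. The class name, the `PublicNames` allowlist and its `logo.png` entry are assumptions; the module hooks PostAuthenticateRequest rather than AuthenticateRequest so that `Context.User` is already populated, and it denies by default.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

// Hypothetical module (added example). Register it in web.config under
// <system.webServer><modules> so it runs in front of resources.ashx.
public sealed class ResourceAccessModule : IHttpModule
{
    // Assumption: names that anonymous users may fetch. Constructed sample
    // value; a real site would load this from the database holding the files.
    private static readonly HashSet<string> PublicNames =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "logo.png" };

    public void Init(HttpApplication app)
    {
        // By PostAuthenticateRequest the authentication modules have run,
        // so Context.User is already set when the check below executes.
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpRequest req = ctx.Request;

        // FilePath excludes the PathInfo trailer, so for
        // /resources.ashx/restrictedimage.jpg it ends in "/resources.ashx".
        if (!req.FilePath.EndsWith("/resources.ashx", StringComparison.OrdinalIgnoreCase))
            return;

        // PathInfo is the part after the handler: "/restrictedimage.jpg".
        string name = req.PathInfo.TrimStart('/');
        bool authenticated = ctx.User != null && ctx.User.Identity.IsAuthenticated;

        // Fail closed: anything not explicitly public needs a signed-in user.
        if (PublicNames.Contains(name) || authenticated)
            return;

        ctx.Response.StatusCode = 401;
        // Skip the rest of the pipeline so the handler never runs.
        ctx.ApplicationInstance.CompleteRequest();
    }

    public void Dispose() { }
}
```

With forms authentication enabled, the 401 set here is turned into a redirect to the login page at the end of the request; role checks can be added next to the `authenticated` test via `ctx.User.IsInRole`.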
