stackoom
  简体   繁体   中英

How to password protect a image directory with a web.config

 原文  2013-11-05 15:28:41       c#/ .net/ authentication/ web-config

Question

How would I set a directory to where only authenticated users could access the files?

In other words I need to make sure that only people that are logged in can access the images and other person data with a web.config.

What are the settings?

Here is what I've got so far but it does not stop users that are not logged. 

    <?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

My web.config file with most of the information removed. If you could place that configuration info where it goes so that no one that is on my site can access a folder called users unless they are logged on. 

    <?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <connectionStrings configSource="cnn.config" />
  <appSettings configSource="app.config" />
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime requestValidationMode="4.5" targetFramework="4.5" encoderType="System.Web.Security.AntiXss.AntiXssEncoder, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    <machineKey compatibilityMode="Framework45" />
    <authentication configSource="authentication.config" />
    <pages>
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Optimization" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    <controls>
        <add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" />
      </controls>
    </pages>
    <membership configSource="membership.config" />
    <roleManager configSource="roles.config" />
    <profile configSource="profile.config" />
      <!--<sessionState mode="InProc" customProvider="DefaultSessionProvider">
      <providers>
        <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
      </providers>
    </sessionState>-->
  </system.web>
</configuration>

1 answers

solution1
 1 ACCPTED  2013-11-05 19:29:50

Have a look at this article: HOW TO: Control Authorization Permissions in an ASP.NET Application

In short you can set folder permissions like this: 

<configuration>
    <location path="images">
        <system.web>
            <authorization>
                <deny users ="?" />
            </authorization>
        </system.web>
    </location>
</configuration>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to solidly protect web.config How to protect web.config connection string from other developers? retrieve username and password from web.config Encrypt the password string in web.config How to Encrypt and Decrypt only password in connectionStrings Web.config/App.config in C#? How to split web.config? How can a database username and password be stored securely in a web.config file when using Entity Framework how to set the username and password in the asp.net web.config file of funnelweblog? How to read username and password separately from web.config in C# What is the potential security risk of including the db password in the web.config
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM