stackoom
  简体   繁体   中英

Setting Autorization rules for ashx handler in ASP.NET MVC 3 application

 原文  2012-06-11 17:10:06       asp.net/ asp.net-mvc/ security/ httphandler

Question

I am implementing a javascript file upload functionality in my MVC 3 application and therefore I need to use Http Handler (.ashx) to allow large file upload. Now I need to somehow forbid unauthenticated users to call handler's methods. If I had a controller, I would simply apply [Authorize] attibute to it. But does the attribute work when applied to an Http Handler's method? IF not, how can I allow only people that have a current session cookie to make calls to Http Handler?

1 answers

solution1
 5 ACCPTED  2012-06-11 17:11:50

You could use the <location> section in your web.config to deny access to ~/upload.ashx to anonymous users: 

<location path="upload.ashx">
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</location>

Remark: never use the <location> tag to control authorization with ASP.NET MVC controller actions and routes. Use the built-in [Authorize] attribute to decorate the corresponding controller/action.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET Server error in '/' application - ashx handler ASP.net ashx handler not caching ASP.NET Save Image in ashx handler ASP.NET Handler (ashx) vs MVC Controller Action for downloading files What are .ashx files in an ASP.NET application? asp.net handler.ashx running only on refresh in ajax jQuery to bind data to ASP.NET DataList using a ashx handler Chrome is streaming PDF from ASP.NET ashx handler ASP.NET Generic HTTP Handler (.ashx) supporting JSONP Anonymous authentication using generic asp.net handler (*.ashx)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM