如何拒绝访问 Asp.Net 应用程序中的某些页面
我有一个需求:在 Asp.Net 4.0 应用程序中,我想拒绝对某些资源的访问。我想要达到的目标如下:
1)考虑一个用户试图从我的应用程序获取文档,例如位于我的应用程序中某处的 txt 文件。
2) 当用户输入我的网站和资源的 url 时,例如 www.mysite.com/Folder1/myfile.txt 我的应用程序不应返回该文件。
怎么办这个???
谢谢
I have one need: In an Asp.Net 4.0 application I would like to deny access to some resources. The goal I would like to reach is the following:
1) Consider a user trying to get a document from my application, for example a txt file located somewhere in my application.
2) When the user types the url of my web site and the resource, for example www.mysite.com/Folder1/myfile.txt my application should NOT give that file back.
How to do this???
Thankyou
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以使用位置标签来控制此类事物。
在此示例中,我向客户和管理员授予对 CustomersFolder 目录的访问权限:
然后,通过第二个块,我将对该文件夹下某个文件的访问权限限制为仅管理员:
希望类似的内容适合您。
You can use location tags to control this type of thing.
In this example, I give Customers and Admins access to the CustomersFolder directory:
And with this second block, I then limit access to a certain file under that folder to just Admins:
Hopefully something like that will work for you.
您可以使用 web.config 中的 location 元素 来限制对页面的访问或文件夹。但为了使其能够处理通常不由 .NET 运行时处理的文件(即 .txt 文件),您还必须在 IIS 或 web.config 中对其进行配置。
另一种选择是将敏感文件放在 App_Data 文件夹中,并仅通过特殊页面或 HttpHandler 提供服务,该页面或 HttpHandler 会检查权限。
You can use the location element in web.config to restrict access to pages or folders. But in order for it to work for files which are normally not handled by the .NET runtime (i.e. .txt files), you have to configure that in IIS or web.config as well.
Another option is to put your sensitive files in the App_Data folder, and only serve the up via a special page or HttpHandler, which checks for permissions.