Static files and authentication in ASP.NET

Time: 2021-05-05 05:00:47

Say I have a virtual folder /topFolder/ in IIS7, and in that folder there can be any file that can be displayed in a browser (xml, html, swf, doc etc - typically "unmanaged" resources from the IIS perspective). Before giving the request permission to open any file below the folder, I need to check some session variables in order to see if the user has a "license" for the subfolder and file in question.

I've tried implementing a module with IHttpModule and IReadOnlySessionState interfaces, but the Session is always null on the AcquireRequestState event when the file is "static" and not IIS managed (like aspx, ashx etc).

If I use a custom HttpHandler, I get the session, but then I also need to implement how the content is sent to response. Edit: Since the user isn't downloading the file, I just want IIS to serve the file like it does with its StaticFileModule. The Handler/Module should really be a StaticFileModuleWithAuthorizationHook...

So I really want to do the following:

1. For request /topFolder/*: check session and licenses etc.
   a) If ok, continue serving file
   b) If not ok, interrupt request, or just send FORBIDDEN in response.

Hope someone can help.

1 solution

#1


You should be able to handle this via the HttpHandler; the simple way is to use the built-in methods to send the file down to the user if they have access.

This article (at the bottom) shows an example of how to do this.
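
A handler along the lines the answer describes, as an added example that is not part of the original post or the linked article: it reads the session through `IReadOnlySessionState`, returns 403 when the license check fails, and otherwise lets `Response.TransmitFile` stream the file. The session key `LicensedFolders`, the class name, the `~/topFolder/` location and the handler mapping are assumptions, and `MimeMapping` requires .NET 4.5 or later.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;
using System.Web.SessionState;

// Assumed mapping in web.config (system.webServer/handlers): path="topFolder/*", verb="GET,HEAD".
public class LicensedFileHandler : IHttpHandler, IReadOnlySessionState
{
    // Hypothetical session key: the subfolder names this user holds a license for.
    private const string LicenseKey = "LicensedFolders";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        char sep = Path.DirectorySeparatorChar;
        string root = Path.GetFullPath(context.Server.MapPath("~/topFolder/")).TrimEnd(sep) + sep;
        string full = Path.GetFullPath(context.Request.PhysicalPath);

        // Refuse anything that resolves outside the protected root (for example via "..").
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase)) { Deny(context, 403); return; }

        // The first path segment below the root is the subfolder that needs a license.
        // Files placed directly in the root yield "" and are denied unless "" is licensed.
        string relative = full.Substring(root.Length);
        int cut = relative.IndexOf(sep);
        string subfolder = cut > 0 ? relative.Substring(0, cut) : string.Empty;

        // Session is null if session state is disabled; treat that as "no license".
        HttpSessionState session = context.Session;
        var licensed = session == null ? null : session[LicenseKey] as ICollection<string>;
        if (licensed == null || !licensed.Contains(subfolder)) { Deny(context, 403); return; }
        if (!File.Exists(full)) { Deny(context, 404); return; }

        // Built-in helpers: content type from the extension, file streamed without buffering.
        context.Response.ContentType = MimeMapping.GetMimeMapping(full);
        // Keep licensed content out of shared caches.
        context.Response.Cache.SetCacheability(HttpCacheability.Private);
        context.Response.TransmitFile(full);
    }

    private static void Deny(HttpContext context, int status)
    {
        context.Response.StatusCode = status;
        context.Response.SuppressContent = true;
    }
}
```

Because the handler replaces the static file module for this path, features that module provides (range requests, ETag handling) are not reproduced here.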
