如何限制访问文件系统中的文件(ASP.NET Web应用程序目录)?

时间:2022-04-24 16:05:15

am working on a ASP.Net Web Applications. In that user can upload documents and they can view the same when they required. These uploads kept in the file system(path:- WebApp/Uploads/Docs). This will be served to users only if they are the owners of the document Or upload.

我正在开发ASP.Net Web应用程序。在该用户可以上传文档,他们可以在需要时查看相同的文档。这些上传保存在文件系统中(路径: - WebApp / Uploads / Docs)。只有当用户是文档的所有者或上传时,才会向用户提供此功能。

My Question Is: The file with this WebApp/Uploads/Docs/Doc1.doc
path must be accessed only by the Uploader/Owner of that document.

我的问题是:具有此WebApp / Uploads / Docs / Doc1.doc路径的文件只能由该文档的上传者/所有者访问。

Other application user must be restricted from accessing this Path.

必须限制其他应用程序用户访问此路径。

So, Can i have a check(User Is Owner Or Not) before this file served to other users.?

那么,在将此文件提供给其他用户之前,我可以检查(用户是否为所有者)。

2 个解决方案

#1


2  

I will advise you to keep the documents out of the web site directory since this exposes them to an unauthorized downloads.

我会建议您将文档保留在网站目录之外,因为这会将文档暴露给未经授权的下载。

as for the check that you need you can create a generic handler (*.ashx) for your documents that will validate the document owner and will serve the content only to permitted users.

至于您需要的检查,您可以为您的文档创建一个通用处理程序(* .ashx),以验证文档所有者,并仅将内容提供给允许的用户。

HTTP Handlers and HTTP Modules Overview

HTTP处理程序和HTTP模块概述

#2


0  

You can achieve this via Web.config In web.config under add the element..

你可以通过Web.config实现这一点。在web.config下添加元素..

In the element, add the configuration element and the configuration element. Use the users attribute to specify a comma-delimited list of user names. You can use a question mark (?) as a wildcard character that matches any user name. For example, the following code denies access to all users except user1 and user2:

在元素中,添加配置元素和配置元素。使用users属性指定以逗号分隔的用户名列表。您可以使用问号(?)作为匹配任何用户名的通配符。例如,以下代码拒绝访问除user1和user2之外的所有用户:

<authorization>
    <allow users="user1, user2"/>
    <deny users=”?”/>
</authorization>

#1


2  

I will advise you to keep the documents out of the web site directory since this exposes them to an unauthorized downloads.

我会建议您将文档保留在网站目录之外,因为这会将文档暴露给未经授权的下载。

as for the check that you need you can create a generic handler (*.ashx) for your documents that will validate the document owner and will serve the content only to permitted users.

至于您需要的检查,您可以为您的文档创建一个通用处理程序(* .ashx),以验证文档所有者,并仅将内容提供给允许的用户。

HTTP Handlers and HTTP Modules Overview

HTTP处理程序和HTTP模块概述

#2


0  

You can achieve this via Web.config In web.config under add the element..

你可以通过Web.config实现这一点。在web.config下添加元素..

In the element, add the configuration element and the configuration element. Use the users attribute to specify a comma-delimited list of user names. You can use a question mark (?) as a wildcard character that matches any user name. For example, the following code denies access to all users except user1 and user2:

在元素中,添加配置元素和配置元素。使用users属性指定以逗号分隔的用户名列表。您可以使用问号(?)作为匹配任何用户名的通配符。例如,以下代码拒绝访问除user1和user2之外的所有用户:

<authorization>
    <allow users="user1, user2"/>
    <deny users=”?”/>
</authorization>