问题
I'm currently using MVC4.
- I have a folder in my project that has files (images, doc and pdf files).
- I have a database with a list of users (.net membership guids) that have permission to access each of the files.
What I'm currently researching and I'm asking you advice, as I never did it on MVC:
Any tip regarding how to catch the http request of the file and then decide on runtime if the user has permissions to acces or not? Is there any kind of http handler that let me do that on MVC? Any other idea or tip?
Thanks in advance!..
PnP
回答1:
I would create a new FileAuthorizeAttribute and decorate a new controller method.
public class FileAuthorizeAttribute: AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext actionContext)
{
if (base.IsAuthorized(actionContext))
{
// check if guid is in your database
}
return false;
}
public override void OnAuthorization(HttpActionContext actionContext)
{
base.OnAuthorization(actionContext);
}
}
public class FileController : Controller
{
[FileAuthorize]
public FileResult Load(string fileName)
{
//return File(fileName, contentType);
}
}
来源:https://stackoverflow.com/questions/13367037/handling-file-permissions-on-runtime-using-mvc4