ASP.NET Identity - protecting a directory from unauthenticated users

Submitted by 可紊 on 2019-12-10 11:19:21

Question


I am using ASP.NET 4.5 OWIN Identity and attempting to block access to a directory for all but authenticated users. The directory contains raw files, so it isn't possible to wrap them in the ASP LoggedInTemplate tag.

When I try and prevent access to the directory to anonymous users, it fails.

I have tried adding the following to the main Web.config file:

<system.web>
    <authorization>
        <deny users="?" />
    </authorization>
</system.web>

<location path="/docs">    
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</location>

Doing this gives server 500 errors and highlights the location path="/docs" line as the source of the error. This is a hosted solution, so options for changing the IIS server config to allow overrides aren't available to me, though that does seem one potential solution for anyone experiencing this issue.

I have now removed the above from the main web.config and added a separate web.config file in the directory that I want to protect. The new web.config contains this:

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
</configuration>

This gives no errors, but allows unauthenticated users access to the folder, which is what I am trying to prevent.

Any ideas or pointers to any article that describes how to resolve this would be much appreciated.


Answer 1:


The solution to this for my environment was to use the web.config file in the sub directory, but to add a custom handler definition for the file types in question.

<?xml version="1.0"?>
<configuration>
    <system.web>
      <!-- Deny anonymous (unauthenticated) users -->
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
    <system.webServer>
      <handlers>
        <!-- Serve *.pdf through the managed StaticFileHandler so the rule above applies to these files -->
        <add name="PDFHandler" verb="*"
          path="*.pdf"
          type="System.Web.StaticFileHandler"
          resourceType="Unspecified" />
      </handlers>
    </system.webServer>
</configuration>

The web server then allows authenticated users only to access the files in the sub directory.

This article led me to the solution: http://www.primaryobjects.com/CMS/Article112
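
As an added example, not part of the original answer: a small Python audit of a directory-level web.config that lists which files the `<deny users="?" />` rule leaves reachable. It assumes, as the question and answer describe, that the rule only takes effect for file types mapped to a managed handler (a handler with a `type` attribute); the `audit` function, the config constants and the file names are constructed for illustration.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Sub-directory web.config from the question (authorization rule only).
QUESTION_CONFIG = """<configuration>
  <system.web>
    <authorization><deny users="?" /></authorization>
  </system.web>
</configuration>"""

# Sub-directory web.config from the answer (rule plus managed *.pdf handler).
ANSWER_CONFIG = """<configuration>
  <system.web>
    <authorization><deny users="?" /></authorization>
  </system.web>
  <system.webServer>
    <handlers>
      <add name="PDFHandler" verb="*" path="*.pdf"
           type="System.Web.StaticFileHandler" resourceType="Unspecified" />
    </handlers>
  </system.webServer>
</configuration>"""

def audit(config_xml, filenames):
    """Return (denies_anonymous, files the rule is assumed not to cover)."""
    root = ET.fromstring(config_xml)
    # True when some <deny> under <system.web> lists "?" (anonymous users).
    denies_anonymous = any(
        "?" in (u.strip() for u in deny.get("users", "").split(","))
        for section in root.iter("system.web")
        for deny in section.iter("deny"))
    # Handlers with a type= attribute are managed; collect their path patterns.
    managed = [add.get("path", "").lower()
               for handlers in root.iter("handlers")
               for add in handlers.findall("add") if add.get("type")]
    # Assumption: a file is covered only if a managed handler matches its name.
    exposed = [name for name in filenames
               if not denies_anonymous
               or not any(fnmatch.fnmatchcase(name.lower(), p) for p in managed)]
    return denies_anonymous, exposed

if __name__ == "__main__":
    files = ["manual.pdf", "Report.PDF", "notes.docx"]  # constructed listing
    for label, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        print(label, audit(cfg, files))
```

Any file name it reports as exposed needs its own handler entry in the same style as the `*.pdf` one before the directory can be treated as protected.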



Source: https://stackoverflow.com/questions/27943050/asp-net-identity-protecting-a-directory-from-unauthenticated-users
