How do I serve static files only to authorized users?

梦毁少年i 2020-12-02 22:51

I have a collection of Excel spreadsheets that I'd like to serve in my ASP.NET 5 webapp only to authorized users.

  1. Where should I store the files? I assume in
5 Answers
  • 2020-12-02 23:21

    This is a very simple example, but it can be changed to check for specific roles, and the code can be moved out of the Startup.cs for more flexibility.

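    // Register this before app.UseStaticFiles() so it runs ahead of the static file middleware.
    app.Use(async (context, next) =>
    {
        // Block anonymous requests for anything under /excelfiles.
        if (!context.User.Identity.IsAuthenticated
            && context.Request.Path.StartsWithSegments("/excelfiles"))
        {
            throw new Exception("Not authenticated");
        }
        await next.Invoke();
    });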
    
  • 2020-12-02 23:22

    In .NET Core, create a dedicated directory www at the same level as wwwroot, and use the following code:

    private readonly IHostingEnvironment _hostingEnvironment;

    public HomeController(IHostingEnvironment hostingEnvironment)
    {
        _hostingEnvironment = hostingEnvironment;
    }

    // Only authenticated users in SomeRole can reach this action.
    [Authorize(Roles = "SomeRole")]
    public IActionResult Performance()
    {
        // The file is read from <content root>/www, which is outside wwwroot.
        return PhysicalFile(Path.Combine(_hostingEnvironment.ContentRootPath,
                                         "www", "MyStaticFile.pdf"), "application/pdf");
    }
    

    Based on the following answer (for .NET Core): static file authorization

  • 2020-12-02 23:23

    If you have a login form (Login.html), a simple solution is to redirect the user to the login page if the user is not authenticated and is requesting a protected resource (a file under the /protected folder). In Startup.cs, in the Configure method, insert this code:

    app.Use(async (context, next) =>
    {
        if (!context.User.Identity.IsAuthenticated && context.Request.Path.StartsWithSegments("/protected"))
        {
            context.Response.Redirect("/Login.html");
            return;
        }
        await next.Invoke();
    });
    
  • 2020-12-02 23:29

    Yes, they should go in wwwroot. Currently there is no built-in way to secure wwwroot directories. But creating a middleware module to accomplish it is pretty straightforward. There is an easy to follow tutorial here.

    If you're not familiar with developing middleware, I posted a GitHub project that shows how to create middleware in three easy steps. You can download the project here.

    You don't need a controller to access static files.

  • 2020-12-02 23:36

    For authentication check while retrieving file:

    app.UseStaticFiles(new StaticFileOptions()
    {
        // Called by the static file middleware for each file it is about to serve.
        OnPrepareResponse = (context) =>
        {
            if (!context.Context.User.Identity.IsAuthenticated
                && context.Context.Request.Path.StartsWithSegments("/excelfiles"))
            {
                throw new Exception("Not authenticated");
            }
        }
    });
    
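Added example, not part of any answer above: a variant of the path-check middleware that answers with a challenge or a forbid result instead of throwing, checks a role, and serves the spreadsheets from a folder outside wwwroot. It assumes a .NET 6+ web project with implicit usings and cookie authentication; the folder name PrivateFiles and the role ReportViewer are hypothetical.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.FileProviders;

var builder = WebApplication.CreateBuilder(args);
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options => options.LoginPath = "/Login.html");

var app = builder.Build();

// Public assets (including Login.html) come from wwwroot without any check.
app.UseStaticFiles();

// Populates context.User; must run before the gate below.
app.UseAuthentication();

// Gate for the protected prefix. It is registered before the second
// UseStaticFiles call, so a rejected request never reaches the files.
app.Use(async (context, next) =>
{
    if (context.Request.Path.StartsWithSegments("/excelfiles"))
    {
        if (context.User.Identity?.IsAuthenticated != true)
        {
            // Cookie auth answers with a redirect to LoginPath.
            await context.ChallengeAsync();
            return;
        }
        if (!context.User.IsInRole("ReportViewer")) // hypothetical role name
        {
            // Cookie auth answers with a redirect to its AccessDeniedPath.
            await context.ForbidAsync();
            return;
        }
        // Keep browsers and proxies from caching the protected file.
        context.Response.Headers["Cache-Control"] = "no-store";
    }
    await next(context);
});

// Protected files live in <content root>/PrivateFiles (hypothetical folder,
// must exist at startup) and are only reachable under /excelfiles.
app.UseStaticFiles(new StaticFileOptions
{
    FileProvider = new PhysicalFileProvider(
        Path.Combine(app.Environment.ContentRootPath, "PrivateFiles")),
    RequestPath = "/excelfiles"
});

app.Run();
```

Because the protected folder is not under wwwroot, the first UseStaticFiles call cannot serve it, so the only route to the spreadsheets passes through the gate.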