问题
I have a website on IIS 7. This website has a HttpModule with an AuthorizeRequest event handler. This event does not fire for CSV files and I can access the file without logging in, I guess this is because IIS7 is not configured to require form autentication for CSV files.
How can I set this?
回答1:
This will impact all files, but you can add a mapping to your server configuration:
- Go to the properties of your website and click on "Handler Mappings".
- In the upper right corner click, "Add Module Mapping".
- Put "*.csv" in the Request Path.
- Select "IsapiModule" for module.
- Find the aspnet_isapi.dll in the framework folder of the appropriate .net framework you are using under Executable.
- Give it a name.
- Check the tabs in "Request Restrictions" for more options.
This should force any .csv request to parse through asp.net (thus invoking formsauthentication) before servicing the request.
EDIT: Alternatively you can add a wildcard script mapping as desribed here: http://learn.iis.net/page.aspx/508/wildcard-script-mapping-and-iis-7-integrated-pipeline/
This will force authentication to all non-.net files (pdfs, docs, anything).
回答2:
this answer explains how to achive what I was looking for. I inserted in web.config the lines in chapter 3 and 4 of the referenced guide, and changed ".htm" with ".csv", maybe someone can optimize the solution for *.csv files. but for me it does what I needed.
来源:https://stackoverflow.com/questions/3814128/activate-form-authentication-for-csv-files-in-iis7