问题
I need to prevent someone from directly accessing a pdf, instead only allowing them to be pulled through the app itself. How can this be done?
回答1:
Check my blog post about this: How to hide users files and folders on your website?
There are two solutions for doing that:
1- You can put your “UsersUploads” folder outside the website directory, so if your website exist on “c:\website\example.com” you can put the “UsersUploads” there “c:\UsersUploads”, Like that IIS has no control over this folder and its files, And your website code will still have access to this directory as a normal physical path.
2- Stop IIS from serving this folder:
IIS by default doesn’t server some website folders and files such App_Data, App_Code, bin, App_GlobalResourses, App_LocalResources, Web.config,….
回答2:
Add this to your top-level Web.config to block a folder called Reports (your folder name goes there). This will allow your application to access Reports/file.pdf but an outside request to yoursite.com/Reports/file.pdf will be blocked.
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="Reports" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>
回答3:
Put the files in the app_data folder and then use a HttpHandler to serve the files. You can use url rewriting if you want to hide it and make it look cleaner.
回答4:
set the permissions on the folder to deny access to whoever. Ask your sys admin guy to create an account and give read access to the folder. Then set impersonation up in the web.config file to use the new account.
Read this
http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx
来源:https://stackoverflow.com/questions/6822173/denying-direct-access-to-a-folder-only-allow-through-app