Restrict direct file access of our attachment fold

2019-08-25 01:45发布

问题:

We have this website where we also have a visa application module. The visa application module requires the user to create an account. Whenever the user uploads attachments it is saved in a specific folder inside attachments. This specific folder corresponds to a uniquely generated numbers that is assigned to each user.

Now what I need is if the user is not login they should not be able to access the files inside the attachment folders.

How can I achieve that using http handler?

I have this code

if (HttpContext.Current.Session["UserRegistrationID"] != null)
            {
                if (HttpContext.Current.Session["UserRegistrationID"].ToString() != "")
                {
                    DownloadFile(context);
                }
                else
                {
                    context.Response.Write("You don't have the rights to access this file.");
                    context.Response.Flush();
                }
            }
            else
            {
                context.Response.Write("You don't have the rights to access this file.");
                context.Response.Flush();
            }

protected void DownloadFile(HttpContext context)
        {

        context.Response.ContentType = "image/jpg";
        context.Response.WriteFile(context.Request.PhysicalPath);
        context.Response.Flush();
    }

But the problem is I'm having a problem configuring it in web config.

Does anybody knows how to do this?

回答1:

Take a look at one of my answers

How to restrict unlogged unauthorized users from viewing web pages in asp net

This rule is actualy applied to folders, just what are you looking for.