I found the following article online, but I don't know how to actually do it. Please tell me, thanks!!

On Windows OS, security is basically enforced through a Windows account and ACL (there is no way around it). If your resources are programmable (such as ASP, ASP.NET), then you can include your own custom logic to enforce security. If your resources are non-programmable, then you can only rely on the Windows security features to protect your resources. For web applications/portals, Microsoft Site Server would be the recommended solution. Alternatively, you can assign an ID to each of your resources. When an authenticated user submits the ID to your application, then in your code you can open the file and send out the content. This way, the user will never actually know the real path/name of your resource, only the ID. I found that this is a common solution in many portal applications. I have implemented a similar security scheme, and you can test and download the source code at http://www22.brinkster.com/ttawin/registration/ . If somehow you can download the zip file without logging in, then please let me know. Thanks.
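Lao Niu, a URL exists precisely so that other people can access it. If your stuff gets stolen because someone guessed the URL, you have only yourself to blame; who told you to put it there? Put the file in a safe place, then read it into a file stream and write it to the HTTP response stream. Taking a JPG as an example:

' Requires: Imports System.IO
Dim MyFileStream As FileStream
Dim FileSize As Long

' Open the protected file read-only
MyFileStream = New FileStream("/private/aPic.jpg", FileMode.Open, FileAccess.Read)
FileSize = MyFileStream.Length

' VB array bounds are inclusive, so the upper bound is FileSize - 1
Dim Buffer(CInt(FileSize) - 1) As Byte
MyFileStream.Read(Buffer, 0, CInt(FileSize))
MyFileStream.Close()

' Send the bytes to the client as a JPEG image
Response.ContentType = "image/jpeg"
Response.BinaryWrite(Buffer)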
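1. Forms authentication: with it you can authenticate requesters using HTTP cookies and HTML forms (authentication can be applied to any resource) --- you can try this one
2. "Passport" authentication: uses Microsoft's dedicated signed Passport identity system
3. Windows authentication: authenticates requests through Windows Challenge/Response semantics
4. Custom authentication.

Forms authentication:
Modify your web.config: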
<system.web>
  <authentication mode="Forms">
    <forms name="cookie-name"
           path="cookie-path"
           loginUrl="url"
           protection="All|None|Encryption|Validation"
           timeout="number-of-minutes">
      <!-- this specifies the algorithm applied to the user passwords -->
      <credentials passwordFormat="Clear|SHA1|MD5">
        <user name="User_name" password="User_passwd" />
        .....
      </credentials>
    </forms>
  </authentication>
</system.web>
These settings are used to authenticate users.
To restrict access to resources, add the following to web.config:
<system.web>
  <authorization>
    <allow users="User_name,..." verbs="GET" />
    <allow users="Other_user,..." verbs="POST" />
    <deny users="?" />
  </authorization>
</system.web>
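In fact, in many applications today we do not put the user list into <credentials> when authenticating clients; it may be kept in a database table or an XML document instead. But we can still make use of the other features that forms-based authentication provides, such as automatic redirection to the registration page, encryption, validation checks, and cookie validity.
If you are interested, you can look at all the classes under the System.Web.Security namespace of the class library (they all deal with security authentication). The forms authentication class is called FormsAuthentication.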
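The ID-based approach from the quoted article, combined with the streaming and forms-authentication replies above, can be put together as a single HTTP handler. This is an added example, not code from any poster in this thread; the class name, the IDs, `source.zip` and the `~/App_Data/private/` folder are assumptions made for illustration.

```vbnet
Imports System.Collections.Generic
Imports System.Web
Imports System.Web.Security

' Hypothetical handler (e.g. mapped to download.ashx); all names are illustrative.
Public Class ProtectedDownloadHandler
    Implements IHttpHandler

    ' Constructed sample map: public ID -> {file name, content type}.
    ' The files live under App_Data, which ASP.NET refuses to serve by URL.
    Private Shared ReadOnly Files As New Dictionary(Of String, String()) From {
        {"1001", New String() {"aPic.jpg", "image/jpeg"}},
        {"1002", New String() {"source.zip", "application/zip"}}
    }

    Public ReadOnly Property IsReusable As Boolean Implements IHttpHandler.IsReusable
        Get
            Return True
        End Get
    End Property

    Public Sub ProcessRequest(context As HttpContext) Implements IHttpHandler.ProcessRequest
        ' 1. Refuse anonymous callers before touching the file system.
        If context.User Is Nothing OrElse Not context.User.Identity.IsAuthenticated Then
            FormsAuthentication.RedirectToLoginPage()
            Return
        End If

        ' 2. Accept only IDs found in the server-side map. The client never
        '    supplies a path, so "..\" style input has nothing to act on.
        Dim id As String = context.Request.QueryString("id")
        Dim entry As String() = Nothing
        If id Is Nothing OrElse Not Files.TryGetValue(id, entry) Then
            context.Response.StatusCode = 404
            Return
        End If

        ' 3. Keep shared caches from storing the protected content, then stream it.
        context.Response.Cache.SetCacheability(HttpCacheability.NoCache)
        context.Response.ContentType = entry(1)
        context.Response.TransmitFile(context.Server.MapPath("~/App_Data/private/" & entry(0)))
    End Sub
End Class
```

The handler only checks that the caller is logged in; if different users may see different files, an ownership check on the ID belongs between steps 2 and 3.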