ASP.NET: sharing Forms authentication across second-level domains for access control on download and image sites

  • 2020-05-16 06:47:26
  • OfStack

For small files, the usual solution is to read the file on the server side and then write it to the response, which avoids exposing the file's address. What I want to talk about here is outputting files directly with the TransmitFile method. I haven't tested how well this method copes with large files or how much performance overhead it brings. If you are interested, you can test it and leave a comment.

On to the topic. With a download site, the first thing that comes to mind is traffic, so it is natural to deploy the files and the program code separately. I therefore set up a separate second-level domain for the files; let's call it file.xxx.com. The main domain is www.xxx.com, or some other second-level domain.

The first step is to share authentication between the two sites: after a user logs in to the main site, the file site treats them as logged in automatically. .NET's Forms authentication makes this easy, and the underlying idea is simply sharing a cookie. The second step is permission filtering on the file site. Add a web.config to both the main site and the file site with the same configuration. The main web.config settings are as follows:
 
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <connectionStrings>
  </connectionStrings>
  <appSettings>
  </appSettings>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Home/LogOn" defaultUrl="/" timeout="600" slidingExpiration="true" name="File" path="/" enableCrossAppRedirects="true"></forms>
    </authentication>
    <!-- Scope cookies to the parent domain so both sites receive them -->
    <httpCookies domain=".xxx.com"/>
    <!-- Sample keys: generate your own pair and use the same pair on both sites -->
    <machineKey validationKey="AAA977D304FB289C182E00C710A099C9F92986DC25AD69F8" decryptionKey="AAA2B3F76A9359431E717CA8275EE72EEEDC70ED55152010" validation="SHA1"/>
  </system.web>
  <!-- This node only needs to be added to the file site -->
  <system.webServer>
    <handlers>
      <add name="*.*" path="*.*" verb="*" type="Web.Handler.Download" />
    </handlers>
  </system.webServer>
</configuration>

The configuration above covers the key points for cross-domain access:

1: the forms name must be the same on both sites; path="/" sets the cookie path to the root; enableCrossAppRedirects="true" indicates whether authenticated users can be redirected to other applications.
2: the httpCookies node is set to the top-level domain (.xxx.com), so the browser sends the authentication cookie to every host under that domain.
3: the machineKey must be the same on both sites, so that each site can validate and decrypt the ticket the other issued.

Next is permission control, which is done by implementing .NET's access filter, the IHttpHandler interface, to intercept requests. The implementation is very simple: implementing the ProcessRequest method is enough. Here is my code:
 
using System.Web;

namespace Web.Handler
{
    /// <summary>
    /// File download login verification
    /// </summary>
    public class Download : IHttpHandler
    {
        // The handler keeps no per-request state, so one instance can be reused.
        public bool IsReusable
        {
            get { return true; }
        }

        public void ProcessRequest(HttpContext context)
        {
            if (context.User.Identity.IsAuthenticated)
            {
                // Map the requested virtual path to the physical file.
                string fileName = context.Server.MapPath(context.Request.FilePath);
                // ContentType must be a MIME type, not the bare file extension
                // (System.Web.MimeMapping, .NET Framework 4.5 and later).
                context.Response.ContentType = MimeMapping.GetMimeMapping(fileName);
                context.Response.TransmitFile(fileName);
            }
            else
            {
                context.Response.Write("You are not logged in!");
            }
        }
    }
}

With the code written, the last step is the filter configuration. Note the comment in the configuration file above; the relevant line is: <add name="*.*" path="*.*" verb="*" type="Web.Handler.Download" />. name is the name of the filter and can be anything. path is the file suffix you want to filter; I need all files filtered, so I use *.* directly. To filter only jpg and gif, change it to *.jpg, *.gif. type is the filter's DLL address, that is, the name of the class that implements IHttpHandler. With that, file access control is complete. Note: since I am using IIS7, the handler here is added under the system.webServer node; for IIS6 and below it is added directly under the system.web node.
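An added example, not code from the original article: a Python check that the two sites' web.config files agree on the three shared-authentication points listed earlier and that the file site maps the download handler. It goes one step further by flagging AutoGenerate machine keys, which can never match across applications; the function names and placeholder key strings are assumptions for illustration.

```python
# Added example, not from the original article. Sample configs are constructed.
import xml.etree.ElementTree as ET

# (path under <configuration>, attribute) pairs that must match on both sites.
SHARED = [(p, a) for p, attrs in [
    ("system.web/authentication/forms", ("name", "path")),
    ("system.web/httpCookies", ("domain",)),
    ("system.web/machineKey", ("validationKey", "decryptionKey", "validation")),
] for a in attrs]
HANDLER = "system.webServer/handlers/add[@type='Web.Handler.Download']"

def read_settings(config_xml):
    """Return {(path, attr): value or None} for the shared settings."""
    root = ET.fromstring(config_xml)
    found = {}
    for path, attr in SHARED:
        node = root.find(path)
        found[(path, attr)] = None if node is None else node.get(attr)
    return found

def compare_sites(main_xml, file_xml):
    """Return a list of problems; an empty list means the two sites agree."""
    main, files = read_settings(main_xml), read_settings(file_xml)
    problems = []
    for key in SHARED:
        label = "%s/@%s" % key
        if main[key] is None or files[key] is None:
            problems.append("missing: " + label)
        elif main[key] != files[key]:
            problems.append("mismatch: " + label)
        elif "AutoGenerate" in main[key]:
            # Auto-generated keys differ per application even if the text matches.
            problems.append("not an explicit key: " + label)
    if ET.fromstring(file_xml).find(HANDLER) is None:
        problems.append("file site does not map Web.Handler.Download")
    return problems

def sample_config(key, with_handler):
    """Build a constructed web.config; key is a placeholder, not a real key."""
    handler = ('<system.webServer><handlers><add name="*.*" path="*.*" verb="*" '
               'type="Web.Handler.Download"/></handlers></system.webServer>')
    return ('<configuration><system.web><authentication mode="Forms">'
            '<forms name="File" path="/"/></authentication>'
            '<httpCookies domain=".xxx.com"/>'
            '<machineKey validationKey="%s" decryptionKey="%s" validation="SHA1"/>'
            '</system.web>%s</configuration>' % (key, key, handler if with_handler else ""))

if __name__ == "__main__":
    print(compare_sites(sample_config("KEY_A", False), sample_config("KEY_B", True)))
```

A mismatch reported for the machineKey attributes means a ticket issued by one site will not validate on the other; a missing handler mapping means the file site serves files without the login check.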
