我将这个类放在一个asp web表单中,我试图只有在他们有密码和发送给他们的文件的链接时才允许用户下载。
protected void btnSubmit_Click(object sender, EventArgs e)
{
try
{
//Get the filename from the link and the password entered by the user
string savefilename = Request.QueryString["file"];
string password = txtPassword.Text.Trim();
//Make sure that the password maches for the requested file
if (BLCustomerFile.IsUserAuthenticated(savefilename, password))
{
//Check if the file still exists on the server
string filename = savefilename.Substring(32);
string fileserverpath = Server.MapPath("~/uploads/" + savefilename);
if (File.Exists(fileserverpath))
{
//Response back with the file -- file download
FileInfo fileInfo = new FileInfo(fileserverpath);
Response.Clear();
Response.ContentType = "application/octet-stream";
Response.AppendHeader("Content-Disposition", "attachment; filename=" + filename);
Response.AppendHeader("Content-Length", fileInfo.Length.ToString());
Response.WriteFile(fileInfo.FullName);
HttpContext.Current.ApplicationInstance.CompleteRequest();
}
else
{
lblMessage.Text = "File No longer exists on the server.";
}
}
else
{
lblMessage.Text = "You are not authorized to download this file.";
}
}
catch (Exception ex)
{
lblMessage.Text = "Some error occurred. Please try again later.";
}
}
问题:我给用户的链接是url + filename + extension,当它被粘贴到浏览器中时,文件会立即下载。有没有办法阻止这种情况发生并强制执行上述代码,从而检查密码?
我知道我可以改变系统的逻辑,但如果有解决方案,我会以这种方式保留它,以避免必须单独向客户提供URL,文件名和密码。