为保护下载文件的目的,我创建了http handler liket:
public void ProcessRequest(HttpContext context)
{
string user = HttpContext.Current.User.Identity.Name;
FilePermissionHelper helper = new FilePermissionHelper(user);
string path = context.Request.Form["file"];
bool canDownload = helper.HasPermission(FileOperation.Download, path);
if (!canDownload)
{
context.Response.StatusCode = 403;
context.Response.End();
return;
}
else
{
string fileName=String.Format(@"{0}App_Data\files{1}",HostingEnvironment.ApplicationPhysicalPath,path.Substring(1));
context.Response.ContentType = "application/octet-stream";
context.Response.AppendHeader("Content-Disposition", fileName);
context.Response.TransmitFile(fileName);
context.Response.End();
}
}
它使用HttpContext.Current.User。
当我将此处理程序用于以下服务文件时:
protected void tvFile_NodeClick(object sender, RadTreeNodeEventArgs e)
{
string url = new Uri(String.Format("{0}/{1}", Request.Url.GetLeftPart(UriPartial.Authority),HandlerName)).AbsoluteUri;
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
string data = String.Format("file={0}", e.Node.Value);
byte[] buffer = Encoding.UTF8.GetBytes(data);
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
req.ContentLength = buffer.Length;
Stream reqst = req.GetRequestStream();
reqst.Write(buffer, 0, buffer.Length);
reqst.Flush();
reqst.Close();
byte[] bytes=ReadFully(((HttpWebResponse)req.GetResponse()).GetResponseStream());
HttpContext.Current.Response.ContentType = "application/octet-stream";
HttpContext.Current.Response.AppendHeader("Content-Disposition", String.Format("attachment; filename={0}",e.Node.Text));
HttpContext.Current.Response.BinaryWrite(bytes);
HttpContext.Current.Response.End();
}
我在处理程序中得到了HttpContext.Current.User = null。当然我可以使用POST数据,Session,但我希望通过HttpContext解决这个问题。顺便说一句,当我在客户端(通过js)发布POST时,一切正常:HttpContext.Current.User传递给处理程序。怎么了?感谢。
答案 0 :(得分:0)
使用IRequiresSessionState
向您的处理程序添加另一个名为IHttpHandler
的接口,您可能会正确地让用户正确