我正在构建一个ASP.NET MVC 5站点,其中一些PDF文件用于注册成员,只有登录用户才能通过控制器操作下载它们;但是,它们也可以通过物理URI访问。网址模式如下:
本地主机:00000 / resfiles / filename.pdf
为了限制访问,我按照post创建了一个自定义路由处理程序,我想在处理程序中验证用户的身份以防止未经授权的下载。
我的RouteConfig.cs为:
public class RouteConfig
{
public static void RegisterRoutes(RouteCollection routes)
{
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.Add("PDFRoute", new Route("ResFiles/{filename}", new PDFRouteHandler()));
routes.MapRoute(
name: "ProductDetail",
url: "NewProduct/Detail/{prdId}",
defaults: new { controller = "NewProduct", action = "Detail", prdId = "" },
namespaces: new[] { "Totara.Controllers" }
);
routes.MapRoute(
name: "Default",
url: "{controller}/{action}/{id}",
defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional },
namespaces: new[] { "Totara.Controllers" }
);
}
}
并将PDFRouteHandler类定义为:
namespace Totara.RouteHandlers
{
public class PDFRouteHandler : IRouteHandler
{
public IHttpHandler GetHttpHandler(RequestContext requestContext)
{
return new PDFHandler(requestContext);
}
}
}
PDFHandler:
namespace Totara.HttpHandlers
{
public class PDFHandler : IHttpHandler
{
public PDFHandler(RequestContext context)
{
ProcessRequest(context); // never reach here
}
private static void ProcessRequest(RequestContext requestContext)
{
var response = requestContext.HttpContext.Response; // never reach here
var request = requestContext.HttpContext.Request;
var server = requestContext.HttpContext.Server;
var requestFile = requestContext.RouteData.Values["filename"].ToString();
var path = server.MapPath("~/ResFiles/");
}
public void ProcessRequest(HttpContext context)
{
var test = "test"; // never reach here
}
public bool IsReusable
{
get { return false; }
}
}
}
转到浏览器中的网址:localhost:42439 / ResFiles / BauerContractReview_Feb2015.pdf
永远不会到达PDFHandler.cs中的三个断点。我错过了什么?感谢。