防止通过URL下载文件
网页中向用户提供了ppt文件的下载功能,前提是只有登录的用户才能下载,所以需要禁止通过URL对文件进行下载。
自己定义一个文件下载类。
using System; using System.Data; using System.Configuration; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; using System.IO; using System.Threading; /// <summary> /// FileDownload 的摘要说明 /// </summary> public class FileDownload { /// <summary> /// 输出硬盘文件,提供下载 支持大文件、续传、速度限制、资源占用小 /// </summary> /// <param name="_Request">Page.Request对象</param> /// <param name="_Response">Page.Response对象</param> /// <param name="_fileName">下载文件名</param> /// <param name="_fullPath">带文件名下载路径</param> /// <param name="_speed">每秒允许下载的字节数</param> /// <returns>返回是否成功</returns> public static bool ResponseFile(HttpRequest _Request, HttpResponse _Response, string _fileName, string _fullPath, long _speed) { try { FileStream myFile = new FileStream(_fullPath, FileMode.Open, FileAccess.Read, FileShare.ReadWrite); BinaryReader br = new BinaryReader(myFile); try { _Response.AddHeader("Accept-Ranges", "bytes"); _Response.Buffer = false; long fileLength = myFile.Length; long startBytes = 0; int pack = 10240; //10K bytes //int sleep = 200; //每秒5次 即5*10K bytes每秒 int sleep = (int)Math.Floor((decimal)1000 * pack / _speed) + 1; if (_Request.Headers["Range"] != null) { _Response.StatusCode = 206; string[] range = _Request.Headers["Range"].Split(new char[] { '=', '-' }); startBytes = Convert.ToInt64(range[1]); } _Response.AddHeader("Content-Length", (fileLength - startBytes).ToString()); if (startBytes != 0) { _Response.AddHeader("Content-Range", string.Format(" bytes {0}-{1}/{2}", startBytes, fileLength - 1, fileLength)); } _Response.AddHeader("Connection", "Keep-Alive"); _Response.ContentType = "application/octet-stream"; _Response.AddHeader("Content-Disposition", "attachment;filename=" + HttpUtility.UrlEncode(_fileName, System.Text.Encoding.UTF8)); br.BaseStream.Seek(startBytes, SeekOrigin.Begin); int maxCount = (int)Math.Floor((decimal)(fileLength - startBytes) / pack) + 1; for (int i = 0; i < maxCount; i++) { if (_Response.IsClientConnected) { _Response.BinaryWrite(br.ReadBytes(pack)); Thread.Sleep(sleep); } else { i = maxCount; } } } catch { return false; } finally { br.Close(); myFile.Close(); } } catch { return false; } return true; } }
添加一个一般处理程序,从session从读取用户信息,如果用户存在,进行相应文件的下载,如果不存在,返回首页。
using System; using System.Collections.Generic; using System.Web; using Video.Filters; using VideoLibrary.Model; using System.Web.SessionState; namespace Video.AppCode { /// <summary> /// download 的摘要说明 /// </summary> public class download : IHttpHandler,IRequiresSessionState { private UserInformation user = null; public void ProcessRequest(HttpContext context) { if(context.Session["user"]!=null) user=(UserInformation)context.Session["user"]; dowmload(context,user); } public void dowmload(HttpContext context, UserInformation user) { if (null != user) { string PPT_Type = context.Request.QueryString["PPT_Type"]; string id = context.Request.QueryString["id"]; string file = ""; switch (PPT_Type) { case "SharePoint": file = "SharePoint 2013 Overview.pptx"; FileDownload.ResponseFile(context.Request, context.Response, file, "D://document/" + file, 102400); break; case "Office": if (id == "1") { file = "2013 O365 Customer Presentation.pptx"; FileDownload.ResponseFile(context.Request, context.Response, file, "D://document/" + file, 102400); } else if (id == "2") { file = "新一代Office,个人和企业生产力提升.pptx"; FileDownload.ResponseFile(context.Request, context.Response, file, "D://document/" + file, 102400); } break; } } else context.Response.Redirect("/Home/Index"); } public bool IsReusable { get { return false; } } } }
前端调用
<a href="download.ashx?PPT_Type=SharePoint&id=0"></a>
这样就可以防止,用户未登录时通过url请求下载文件了。
