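Crosspost: https://orchard.codeplex.com/discussions/471384
Returning a file in a site with authentication
I am using Orchard CMS 1.7, and we have locked down the entire site from anonymous users (Admin -> Users -> Roles -> uncheck access to the site front end). Now every page or file requires people to authenticate before accessing it.
Now we are trying to provide an option to make some files available for download, depending on a field of a specific content type.
Problem
When I download the file while I am authenticated, I get it without any problem. If I am anonymous, I get the file (correct file name and type), but it has no content and no size (0 bytes). I am pretty sure this is an authentication issue, because when I enable anonymous access to the site front end, it all works fine.
Here is the actual code that returns the file (redirectLink is the file path):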
    var cd = new System.Net.Mime.ContentDisposition
    {
        FileName = fileName,
        Inline = false
    };
    Response.AppendHeader("Content-Disposition", cd.ToString());
    return File(HttpUtility.UrlDecode(redirectLink), mimeType);
Here is my full code (controller action):
    [AlwaysAccessible]
    public ActionResult Download(int resourceId)
    {
        //set default unsecure value to false
        bool isUnsecured = false;
        var resourceItem = ContentManager.Get(resourceId);
        if (resourceItem == null || resourceItem.ContentType != "Resource")
        {
            // TODO: log that ID not found??
            return new HttpStatusCodeResult(HttpStatusCode.NotFound);
        }
        var resourcePart = resourceItem.Parts.FirstOrDefault(p => p.PartDefinition.Name == resourceItem.ContentType);
        //retrieve unsecure boolean
        if (resourcePart != null)
        {
            var unsecuredField = resourcePart.Fields.FirstOrDefault(f => f.Name == "Unsecured");
            if (unsecuredField != null)
            {
                isUnsecured = unsecuredField.Storage.Get<bool>();
            }
        }
        //check if unsecured resource/allow anonymous downloads
        //see Orchard.Security.SecurityFilter - I'm not sure where this is actually used in Orchard though...
        if (!isUnsecured && !Services.Authorizer.Authorize(StandardPermissions.AccessFrontEnd, T("Unauthenticated")))
        {
            return new HttpUnauthorizedResult();
        }
        if (resourcePart != null)
        {
            // TODO: Potential concurrency issues?
            var downloadCountPart = resourcePart.As<DownloadCountPart>();
            if (downloadCountPart != null)
            {
                downloadCountPart.Total++;
                ContentManager.Publish(resourceItem);
            }
            // Do the redirection/serving of item!
            // Prioritize link field over resource field, according to the UI
            var linkedField = resourcePart.Fields.FirstOrDefault(f => f.Name == "LinkedFile");
            if (linkedField != null)
            {
                var redirectLink = linkedField.Storage.Get<string>();
                if (redirectLink != null)
                {
                    return Redirect(redirectLink);
                }
            }
            // FirstOrDefault so that a missing field reaches the null check instead of throwing
            var resourceField = resourcePart.Fields.FirstOrDefault(f => f.Name == "ResourceFile");
            if (resourceField != null)
            {
                var resourceMPF = (resourceField as MediaLibraryPickerField);
                if (resourceMPF != null && resourceMPF.MediaParts != null && resourceMPF.MediaParts.Count() > 0)
                {
                    var fileName = resourceMPF.MediaParts.First().FileName;
                    var mimeType = resourceMPF.MediaParts.First().MimeType;
                    var redirectLink = resourceMPF.MediaParts.First().MediaUrl; //to check: first? when are there multiple?
                    if (!string.IsNullOrWhiteSpace(redirectLink))
                    {
                        var cd = new System.Net.Mime.ContentDisposition
                        {
                            FileName = fileName,
                            Inline = false
                        };
                        Response.AppendHeader("Content-Disposition", cd.ToString());
                        return File(HttpUtility.UrlDecode(redirectLink), mimeType);
                    }
                }
            }
        }
        return new HttpStatusCodeResult(HttpStatusCode.NotFound);
    }
This leads me to these questions:
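- Even when returning a File, does it still take into account the current user and whether that person is authenticated?
- Can I use impersonation to get around this?
Any suggestions or information would be much appreciated. Thanks!
Worked perfectly, though it was not reflected immediately. I went ahead and deleted cache.dat and other things in App_Data, just to make sure. Thanks! – AnimaSola
Glad to hear it :-). – Piedone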