In my virutal directory,there is a subdirectory ,which holds some files that allow others to download,but if one want to download the file ,he must login first.after that ,he can use my programe to query the file and find it ,then download it .but if he knows
the file Url,he can bybass the process.for example ,one of my file living in "File" subdirectory,with the name is file1.doc.he can download by send the request http://myserver/file/file1.doc ,then the file file1.doc will be downloaded by him. I add a section
in my web.config file .it likes this: when someone want to get the file in Files directory,the class CheckSession will checck him if he has the right to do .but the class doesn't work. and i find ,if i take a aspx file in the directory,it works well. buy why
?who can help me ? thank you!
Member
10 Points
101 Posts
how to protect my file.
Sep 15, 2004 03:26 AM|Liu_andi|LINK