All geek questions in one place

Owin only supports files in a specific folder

So, I play with Owin and Katana, and I want to use static files in my shared folder.

I have a Content folder with style lists and a script folder.

My launch:

public void Configuration(IAppBuilder app) { #if DEBUG //when things go south app.UseErrorPage(); #endif // Remap '/' to '.\public\'. // Turns on static files and public files. app.UseFileServer(new FileServerOptions() { RequestPath = PathString.Empty, FileSystem = new PhysicalFileSystem(@".\public"), }); }

So, if I go to localhost: 8861 / I go to the index.html file in my shared folder. This is normal. But I can also go to my localhost: 8861 / Content / style.css, which I want to block. Everything that the user needs should be available in the shared folder. The rest should be blocked.

How can i achieve this?

+5
source share
2 answers

The file server configuration is correct and does not allow access to other folders. I tested it as part of the OWIN self-study project, and it works as expected, with only access to the shared folder. I assume that you are using IIS to host your OWIN application (so your application is not self-service). If so, the IIS Static File Handler allows you to use stylish files and directories (and your content folder). Thus, you can search how to disable access to static files in IIS (can be done in web.config) or how to restrict access to some of them.

You can remove the StaticFile Handler from the website configuration, but you must do this carefully, because from now on IIS will not serve static files at all.

 <configuration> <system.webServer> <handlers> <remove name="StaticFile" /> </handlers> </system.webServer> </configuration>
+1
source

If you need to process files with bare bones, with absolute control over the files that you make or not, you want to serve, you can take complete control with the help of some medium subject. I did this because I wanted the file to be disabled during the development process.

 using System; using System.Collections.Generic; using System.IO; using System.Threading.Tasks; using System.Web; namespace Owin { using AppFunc = Func<IDictionary<string, object>, Task>; public static class DynamicFileExtension { /// <summary> /// ONLY use during development /// </summary> public static void UseDynamicFiles(this IAppBuilder app, string baseDirectory) { app.Use(new Func<AppFunc, AppFunc>(next => (async context => { var method = (string) context["owin.RequestMethod"]; var requestpath = (string) context["owin.RequestPath"]; var scheme = (string) context["owin.RequestScheme"]; var response = (Stream) context["owin.ResponseBody"]; var responseHeader = (Dictionary<string, string[]>) context["owin.ResponseHeaders"]; if (method == "GET" && scheme == "http") { var fullpath = baseDirectory + requestpath; // block logic... if (File.Exists(fullpath)) { using (var file = File.OpenRead(fullpath)) { await file.CopyToAsync(response); } var mime = MimeMapping.GetMimeMapping(fullpath); responseHeader.Add("Content-Type", new[] {mime}); return; } } await next.Invoke(context); }))); } } }

I would not use it in production, but it helped.

+2
source

Source: https://habr.com/ru/post/1201273/

More articles:


All Articles