看看这个 - http://support.microsoft.com/kb/301240
查找点4该条下 - “代码中的事件处理程序,以便它验证用户凭证”,它解释了你如何设置身份验证cookie验证用户
码看后:
FormsAuthenticationTicket tkt;
string cookiestr;
HttpCookie ck;
tkt = new FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now,
DateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data");
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
if (chkPersistCookie.Checked)
ck.Expires=tkt.Expiration;
ck.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(ck);
你可以做的是:
1. Enable form authentication in web.config
2. deny anonymous access to downloads folder
3. When user authenticates, set authentication cookie and redirect user to download folder
4. download folder now can only be accessed by logged in user and id
这是正确的做法使用的代码。点击链接 – 2012-03-08 05:19:13
限制任何访问的文件夹并使用download.aspx文件夹中的response.writefile。 – 2012-03-08 06:08:13