如何安全地发送直接FTP链接

问题描述 投票:0回答:2

我写了asp.net Web服务来生成ftp下载链接并将其发送到客户端浏览器,以便客户端可以下载它。链接是这样的:

<a href='ftp://test:test@10:10:10:10:21/test.txt'>download</a>

我通过Ajax响应链接发送了该链接。

所以如何防止用户查看我的ftp用户和密码?或如何加密链接?

html asp.net ftp
2个回答
0
投票

至少出于两个原因,您不应使用ftp:// URL:

  • 您公开凭据(如您所知),并且没有办法隐藏它们;
  • 所有主要的FTP浏览器逐渐都是removing a support for FTP

相反,您必须将下载链接指向您网站上的脚本。并让脚本从FTP下载文件,并将其流回Web浏览器。

有关在ASP.NET中实现此类脚本的示例,请参见以下问题:Download file from FTP and how prompt user to save/open file in ASP.NET C#

0
投票

感谢马丁。这是我的代码,用于发送数据块,但浏览器中没有任何反应。(我正在使用fluentftp 库。)

[WebMethod(enableSession: true)]
public void GetDownloadLink(string brandName, string modelName, string osName, string file)
{
  if (!FtpConnect())
            throw new Exception("Error ftp connection.");
  byte[] buffer = new byte[1024];
  string path = "disk1/Drivers/" + GetFtpBrands(brandName) + "/" + modelName + "/" + osName + "/"  +file;
  HttpContext.Current.Response.Clear();
  HttpContext.Current.Response.ClearContent();
  HttpContext.Current.Response.BufferOutput = true;
  HttpContext.Current.Response.ContentType = "application/octet-stream";
  HttpContext.Current.Response.AddHeader("content-disposition", "attachment;filename=" + file);
  FtpDataStream inputStream = (FtpDataStream) ftp.OpenRead(path,FtpDataType.Binary);

  int read = 0;
  while ((read = inputStream.Read(buffer, 0, buffer.Length)) > 0)
  {
       HttpContext.Current.Response.OutputStream.Write(buffer, 0, read);
       HttpContext.Current.Response.Flush(); // Sends all currently buffered output to the client.
  }
  inputStream.Close();
  HttpContext.Current.Response.OutputStream.Close();
}

和jquery:

function GetDlLink(brandName, model, os, file) {
       $.ajax({
           type: 'POST',
           url: 'WS/Drivers.asmx/GetDownloadLink',
           data: JSON.stringify(
               {
                   brandName: brandName,
                   modelName: model,
                   osName: os,
                   file: file
               }),
           cache: false,
           contentType: 'application/json; charset=utf-8',
           processData: false,
           responseType: 'blob',
           // ******* this is important for getting binary response types *******************
           xhrFields: {
               responseType: 'blob'
           },
           //==================================================================

           // function for openning browser download dialog
           success: function(data) {
               var blob = new Blob([data]);
               var link = document.createElement('a');
               link.href = window.URL.createObjectURL(blob);
               link.download = file;
               link.click();
           },
           error: function(xhr, ajaxOptions, thrownError) {
              alert("error");

           }
       });
   }

但浏览器中什么都没有发生!!

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.