asp.net代码练习 work051 通过session会话防止盗链

webform1.aspx

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="WebForm1.aspx.cs" Inherits="work051.WebForm1" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>通过session会话防止盗链</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <a href="download/1.rar">下载</a>
        <br />
        <br />
        <br />
        <br />
        <asp:Button ID="Button1" runat="server" Text="清除会话session，再试试下载" OnClick="Button1_Click" />
    </div>
    </form>
</body>
</html>

webform1.aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace work051
{
    public partial class WebForm1 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            Session["visited"] = true;
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            Session.Remove("visited");
        }
    }
}

web.config

<?xml version="1.0" encoding="utf-8"?>

<!--
  有关如何配置 ASP.NET 应用程序的详细信息，请访问
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->

<configuration>
    <system.web>
      <compilation debug="true" targetFramework="4.5" />
      <httpRuntime targetFramework="4.5" />
    </system.web>
  <location path="download">
    <system.webServer>
      <handlers>
        <add name="1" verb="*" path="*" type="work051.ForbiddenThief"/>
      </handlers>
    </system.webServer>
  </location>
</configuration>

forbiddenthief.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace work051
{
    public class ForbiddenThief :IHttpHandler,System.Web.SessionState.IRequiresSessionState
    {
        public ForbiddenThief()
        { 
        
        }

        public bool IsReusable
        {
            get
            {
                return true;
            }
        }

        public void ProcessRequest(System.Web.HttpContext context)
        {
            System.Web.HttpRequest request = context.Request;
            System.Web.HttpResponse response = context.Response;

            string requestFile = request.PhysicalPath;
            System.Web.SessionState.HttpSessionState session1 = context.Session;

            if (session1["visited"] == null)
            {
                response.Write("请不要盗用本站链接，从首页访问<a href='../WebForm1.aspx'>首页</a>");

            }
            else
            {
                if (System.IO.File.Exists(requestFile))
                {
                    WriteF(requestFile, response);
                }
                else
                {
                    response.Write("你下载的文件不存在。<a href='../WebForm1.aspx'>首页</a>");
                }
                //session1.Remove("visited");
            }
        }

        private void WriteF(string path, HttpResponse response)
        {
            string extension = System.IO.Path.GetExtension(path);
            string contentType = GetMimeType(extension);
            response.Clear();
            response.ContentType = contentType;
            string fileName = System.IO.Path.GetFileName(path);
            response.AddHeader("Content-Disposition","attachment;filename=" + fileName);
            response.WriteFile(path);
        }

        private string GetMimeType(string extension)
        {
            string mime = string.Empty;
            extension = extension.ToLower();
            switch (extension)
            { 
                case ".zip":
                    mime = "application/x-zip-compressed";
                    break;
                default:

                    break;
            }
            return mime;
        }


    }
}

根目录建个文件夹download，内放一个1.rar文件。