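1. Giving out the file's address directly: this fully exposes the file and is insecure. Downloading by typing the address directly is something that should be blocked, because it bypasses permission checks. In addition, access to the attachment is affected when its name contains certain symbols, such as % or +.
2. return File: this approach avoids the problems above.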
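    // Requires: using System.Web; using System.Web.Mvc;
    public ActionResult Download(int? id)
    {
        // Check that id is valid: present and matching an existing attachment
        attachment att = id.HasValue ? db.attachment.Find(id) : null; // get the attachment record
        if (att != null)
        {
            string contentType = MimeMapping.GetMimeMapping(att.地址); // get the file type
            string filePath = Server.MapPath(att.地址); // physical path
            // If the file name is omitted, the id parameter is automatically used as the download file name
            return File(filePath, contentType, att.文件名);
        }
        else
        {
            return RedirectToAction("错误提示view"); // placeholder: the error-message view
        }
    }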
Below are several other approaches described online:
http://www.cnblogs.com/raohuagang/p/3903433.html
http://blog.163.com/zhi_qingfang@126/blog/static/1174775632012647453401/
3. FilePathResult: public FilePathResult File(string fileName, string contentType, string fileDownloadName);
    public FilePathResult GetFileFromDisk()
    {
        string path = AppDomain.CurrentDomain.BaseDirectory + "uploads/";
        string fileName = "test.txt";
        return File(path + fileName, "text/plain", "test.txt");
    }
4. FileStreamResult: public FileStreamResult File(Stream fileStream, string contentType, string fileDownloadName);
    // Requires: using System.IO;
    public FileStreamResult StreamFileFromDisk()
    {
        string path = AppDomain.CurrentDomain.BaseDirectory + "uploads/";
        string fileName = "test.txt";
        // Open read-only: FileMode.Open alone requests read/write access, which a download does not need
        return File(new FileStream(path + fileName, FileMode.Open, FileAccess.Read, FileShare.Read), "text/plain", fileName);
    }
5. public FileContentResult File(byte[] fileContents, string contentType);
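Points 1 and 2 combined into one action, as an added example that is not code from the original post: the file is reachable only through the controller, permission is checked on every request, and the stored path is confirmed to stay inside the upload folder before it is returned. The names AttachmentRow, IAttachmentStore, OwnerName and the ~/App_Data/uploads location are assumptions made for illustration, as is the owner-only permission rule; constructor injection assumes a dependency resolver is configured.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.Mvc;

// Hypothetical record and store; the post's own model is the `attachment` entity.
public class AttachmentRow
{
    public string RelativePath { get; set; } // stored relative to the uploads root
    public string DisplayName { get; set; }  // original name, may contain % or +
    public string OwnerName { get; set; }    // assumed ownership model
}

public interface IAttachmentStore { AttachmentRow Find(int id); }

[Authorize] // anonymous requests never reach the action
public class AttachmentController : Controller
{
    private readonly IAttachmentStore store;
    public AttachmentController(IAttachmentStore store) { this.store = store; }

    // Resolve a stored relative path; return null if it would leave the root
    // (for example "..\..\web.config" or an absolute path in the database row).
    public static string ResolveUnderRoot(string root, string relativePath)
    {
        string fullRoot = Path.GetFullPath(root).TrimEnd(Path.DirectorySeparatorChar)
                          + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(fullRoot, relativePath));
        return full.StartsWith(fullRoot, StringComparison.OrdinalIgnoreCase) ? full : null;
    }

    public ActionResult Download(int? id)
    {
        AttachmentRow att = id.HasValue ? store.Find(id.Value) : null;
        if (att == null) return HttpNotFound();

        // Permission check on every download, before any file I/O.
        if (!string.Equals(att.OwnerName, User.Identity.Name, StringComparison.Ordinal))
            return new HttpStatusCodeResult(403);

        // App_Data is not served by direct URL, so the action is the only way in.
        string path = ResolveUnderRoot(Server.MapPath("~/App_Data/uploads"), att.RelativePath);
        if (path == null || !System.IO.File.Exists(path)) return HttpNotFound();

        // The display name goes only into Content-Disposition, never into the URL or the path.
        return File(path, MimeMapping.GetMimeMapping(att.DisplayName), att.DisplayName);
    }
}
```

Because the URL carries only the numeric id, characters such as % or + in the attachment name no longer take part in locating the file.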