The invention belongs to the field of network security, and particularly relates to a data resource security control method in a thin client mode. The data resource security control method in the thin client mode comprises eight subsystems, namely the identity authentication subsystem, the remote application service subsystem, the security label subsystem, the file access control subsystem, the security communication subsystem, the security audit subsystem, the security storage subsystem and the management platform subsystem. Storage and control of files are mainly performed on a background server, the files are stored in different partitions according to user types or security levels of the files, the files are stored and protected, and a server side can not recognize the content of the files. When a user needs to have access to and process the files, the user logs in on a browser, identity authentication is conducted between the user and a server, and then file access connection is established. The files of a thin client are processed on the server side (provided by a physical application server or a virtual application server), no application or agent needs to be installed on the thin client, and interface interoperability is supported by related services released by remote application services.