未经身份验证的用户无法在网站中看到图片

时间:2021-01-15 19:21:59

When I run my website through debug mode in visual studio everything looks great and all the images on the page show up fine. But once I deploy my website to an IIS7 web server (doubt that other versions would make any difference, but you never know) then users can't see the images on the site until they log in.

当我在visual studio中通过调试模式运行我的网站时,一切看起来都很棒,页面上的所有图像都显示得很好。但是,一旦我将我的网站部署到IIS7 Web服务器(怀疑其他版本会有所作为,但你永远不知道),那么用户在登录之前无法看到网站上的图像。

The website is an asp.net MVC site and I'm new to MVC, though I do have lots of experience with asp.net forms. It seems that only authenticated users are allowed to access the images folder, and there is an authorization section in my web.config saying that only admins can access the site, so how do I make it so that all users, authenticated or otherwise can view the images?

该网站是一个asp.net MVC网站,我是MVC的新手,虽然我有很多asp.net表单的经验。似乎只允许经过身份验证的用户访问images文件夹,并且我的web.config中有一个授权部分,说只有管理员可以访问该站点,所以我该如何设置它以便所有用户,经过身份验证或以其他方式查看图像?

-- Update --

- 更新 -

I tried putting in the configuration block suggested, which from everything I can tell makes perfect sense, but it didn't seem to make a difference. The sample below has Content/Images for the path but before that I tried just Content, since it's OK for everything in there to be accessible. I also tried setting the allowOverride setting to false, which also didn't seem to make a difference.

我尝试了一下建议的配置块,从我能说的一切都很有道理,但它似乎并没有什么区别。下面的示例包含路径的内容/图像,但在此之前我只尝试了内容,因为可以访问其中的所有内容。我也尝试将allowOverride设置为false,这似乎也没有什么区别。

<location path="Content/Images">
    <system.web>
        <authorization>
            <allow users ="*" />
        </authorization>
    </system.web>
</location>  

--Update 2-- Funny thing is that I don't even see any explicit deny entries in my web.config, just an allow for admin's, and when I went into IIS 7 and used the UI to allow all users access to the Content directory it didn't show any deny's on the list either. But then again, this project works fine when I just debug it from my personal computer, it's only after I deploy it that I have problems...

- 更新2--有趣的是,我甚至没有在web.config中看到任何明确的拒绝条目,只是允许管理员,当我进入IIS 7并使用UI允许所有用户访问它没有在列表中显示任何拒绝的内容目录。但是,当我从我的个人计算机上调试它时,这个项目工作得很好,只有在我部署它之后我才遇到问题......

<authorization>
    <allow roles="admin" />
</authorization>
<authentication mode="Forms">
    <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

7 个解决方案

#1


14  

In your web.config file, after the </system.web> tag, add the following

在web.config文件中,在标记之后添加以下内容

<location path="images">
     <system.web>
       <authorization>
        <allow users ="*" />
       </authorization>
    </system.web>
</location>

where path="images" is the name of the folder with your images/css.

其中path =“images”是您的images / css文件夹的名称。

Update:

If you're using ASP.NET MVC, I would remove the authorization declaration in the web.config file and use the [Authorize] attribute on the controllers that need to be locked down.

如果您正在使用ASP.NET MVC,我将删除web.config文件中的授权声明,并使用需要锁定的控制器上的[Authorize]属性。

You can also specify the roles you want to grant access to using [Authorize("admin")].

您还可以使用[授权(“admin”)]指定要授予其访问权限的角色。

#2


6  

By default, the configuration you define in a Web.config file, applies to every subdirectory of its containing folder. If you have a Web.config in the application root, that configuration will propagate to every subdirectory, including those where you have images and Css style sheets. So, if you have in your root Web.config a rule like this one:

默认情况下,您在Web.config文件中定义的配置适用于其包含文件夹的每个子目录。如果应用程序根目录中有Web.config,则该配置将传播到每个子目录,包括具有图像和Css样式表的子目录。所以,如果你在你的根Web.config中有一个像这样的规则:

<system.web>
...
<authorization>
  <deny users="?"/>
</authorization>
...
</system.web>

anonymous users will not be able to access the resources needed to display the page like you would expect it.

匿名用户将无法像您期望的那样访问显示页面所需的资源。

To fix it, you need to include another Web.config in every subdirectory that has presentation resources, and apply the rules you want to override. In your case, this should do the work:

要解决此问题,您需要在具有演示资源的每个子目录中包含另一个Web.config,并应用您要覆盖的规则。在你的情况下,这应该做的工作:

<?xml version="1.0"?>
<configuration>
   <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
   </system.web>
</configuration>

If you are using Themes, place a single Web.config file in the theme folder.

如果您使用的是主题,请在主题文件夹中放置一个Web.config文件。

#3


6  

Just ran into the same problem. We noticed it on our Login page. The CSS and images weren't loading (they were under the content directory). Adding IUSR to the folder with Read privileges fixed it for us.

刚遇到同样的问题。我们在登录页面上注意到了它。 CSS和图像未加载(它们位于内容目录下)。将IUSR添加到具有读取权限的文件夹中为我们修复了它。

#4


2  

Old question but I came across the same problem and found the answer. I had created a new folder for the Membership pages that I wanted logged-in users to have access to, but the images wouldn't show up in them! It turns out that no matter what I tried I couldn't set a relative path to the images from within the Members folder.

老问题,但我遇到了同样的问题,并找到了答案。我为会员页面创建了一个新文件夹,我希望登录用户可以访问,但图像不会显示在其中!事实证明,无论我尝试什么,我都无法在Members文件夹中设置图像的相对路径。

The problem was the html image (as far as I could tell anyway, correct me if I'm wrong). I swapped it out for an asp:image with a relative path and now it works great. My new code: asp:image runat="server" id="Logo" ImageUrl="~/Images/logo.jpg"

问题是html图像(据我所知,如果我错了,请纠正我)。我把它换成了一个带有相对路径的asp:image,现在效果很好。我的新代码:asp:image runat =“server”id =“Logo”ImageUrl =“〜/ Images / logo.jpg”

Notice the ' ~/ ', that wouldn't work for me with I tried: img src="../Images/logo.jpg", img src="~/Images/logo.jpg", img src="/Images/logo.jpg", etc. to no avail.

请注意'〜/',这对我来说不适合我试过:img src =“../ Images / logo.jpg”,img src =“〜/ Images / logo.jpg”,img src =“/ Images / logo.jpg“等等无济于事。

Hope this answer helps someone solve this problem more quickly in the future.

希望这个答案有助于将来更快地解决这个问题。

#5


1  

Try browsing the image file directly and see if that comes up for an anonymous user. In IIS 7, there is a way in which you can authorize anonymous users directly from your UI [which in turn would create the web.config if it doesn't exist].

尝试直接浏览图像文件,看看是否出现匿名用户。在IIS 7中,有一种方法可以直接从UI中授权匿名用户[如果不存在,则会创建web.config]。

Folder -> .NET Authorization Rules -> Add Allow Rule

文件夹 - > .NET授权规则 - >添加允许规则

#6


0  

Are you using membership framework. I suspect that you have misconfigured your permission settings in web.config and your images folder is only allowing authorised requests. This can be easily change via web.config. Just remove the folder name from your authorised section and this should solve the problem.

您使用的是会员框架吗?我怀疑您在web.config中错误配置了权限设置,而您的images文件夹只允许授权请求。这可以通过web.config轻松更改。只需从您的授权部分删除文件夹名称,这应该可以解决问题。

For your reference this should be the section in web.config if you are using membership framework :

如果您使用的是成员资格框架,那么您应该参考web.config中的部分:

 <authorization>
  <deny roles="xyz" />
</authorization>

#7


0  

We came across the same problem in our project and found a solution, although we are not sure about the reasons of this behaviours.

我们在项目中遇到了同样的问题并找到了解决方案,尽管我们不确定这种行为的原因。

We had a similar scenario, with a folder containing all our png images. Our marketing colleague wanted to rename some of them, so to make it easier for her, we shared (this might be the key) that folder, granting read/writer rights to her.

我们有一个类似的场景,一个包含所有png图像的文件夹。我们的营销同事想要重命名其中一些,所以为了让她更容易,我们共享(这可能是关键)该文件夹,授予她读/写权限。

From this point, the images started behaving as you describe, requiring authorization for being accessed. No unauthorized user could see them any more.

从这一点开始,图像开始按照您的描述运行,需要授权才能访问。没有未经授权的用户可以再看到它们。

We realized that the problem was related to sharing the folder because it started happening at that point of time. Otherwise we still don't see any relationship among ASP.NET MVP user authorization/login and hard disk user rights. We could have expected an IO Exception or something similar, but not this behaviour.

我们意识到问题与共享文件夹有关,因为它在那个时间点开始发生。否则,我们仍然看不到ASP.NET MVP用户授权/登录和硬盘用户权限之间的任何关系。我们本可以预料到IO异常或类似的东西,但不是这种行为。

After checking the folder, and comparing with other folders, we realized that after sharing, the permissions on the folder had slightly changed. Mainly they did not inherit from its parent folder anymore and some permissions such as CREATOR OWNER and MACHINE_NAME\Users had dissapeared (although IUSR and the app pool user were still there).

检查文件夹,并与其他文件夹进行比较后,我们意识到共享后,文件夹的权限略有变化。主要是他们不再继承其父文件夹,并且CREATOR OWNER和MACHINE_NAME \ Users等权限已经消失(尽管IUSR和应用程序池用户仍在那里)。

So, we renamed that folder, created a new one with the same name, and copied the content from the old folder to the new one. The new folder had the permissions inherited from its parent and everything started to work perfectly again.

因此,我们重命名该文件夹,创建一个具有相同名称的新文件夹,并将内容从旧文件夹复制到新文件夹。新文件夹具有从其父级继承的权限,一切都开始完美地工作。

It solved our problem, but we are still not sure why this all happened this way.

它解决了我们的问题,但我们仍然不确定为什么这一切都是这样发生的。

Regards

问候

#1


14  

In your web.config file, after the </system.web> tag, add the following

在web.config文件中,在标记之后添加以下内容

<location path="images">
     <system.web>
       <authorization>
        <allow users ="*" />
       </authorization>
    </system.web>
</location>

where path="images" is the name of the folder with your images/css.

其中path =“images”是您的images / css文件夹的名称。

Update:

If you're using ASP.NET MVC, I would remove the authorization declaration in the web.config file and use the [Authorize] attribute on the controllers that need to be locked down.

如果您正在使用ASP.NET MVC,我将删除web.config文件中的授权声明,并使用需要锁定的控制器上的[Authorize]属性。

You can also specify the roles you want to grant access to using [Authorize("admin")].

您还可以使用[授权(“admin”)]指定要授予其访问权限的角色。

#2


6  

By default, the configuration you define in a Web.config file, applies to every subdirectory of its containing folder. If you have a Web.config in the application root, that configuration will propagate to every subdirectory, including those where you have images and Css style sheets. So, if you have in your root Web.config a rule like this one:

默认情况下,您在Web.config文件中定义的配置适用于其包含文件夹的每个子目录。如果应用程序根目录中有Web.config,则该配置将传播到每个子目录,包括具有图像和Css样式表的子目录。所以,如果你在你的根Web.config中有一个像这样的规则:

<system.web>
...
<authorization>
  <deny users="?"/>
</authorization>
...
</system.web>

anonymous users will not be able to access the resources needed to display the page like you would expect it.

匿名用户将无法像您期望的那样访问显示页面所需的资源。

To fix it, you need to include another Web.config in every subdirectory that has presentation resources, and apply the rules you want to override. In your case, this should do the work:

要解决此问题,您需要在具有演示资源的每个子目录中包含另一个Web.config,并应用您要覆盖的规则。在你的情况下,这应该做的工作:

<?xml version="1.0"?>
<configuration>
   <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
   </system.web>
</configuration>

If you are using Themes, place a single Web.config file in the theme folder.

如果您使用的是主题,请在主题文件夹中放置一个Web.config文件。

#3


6  

Just ran into the same problem. We noticed it on our Login page. The CSS and images weren't loading (they were under the content directory). Adding IUSR to the folder with Read privileges fixed it for us.

刚遇到同样的问题。我们在登录页面上注意到了它。 CSS和图像未加载(它们位于内容目录下)。将IUSR添加到具有读取权限的文件夹中为我们修复了它。

#4


2  

Old question but I came across the same problem and found the answer. I had created a new folder for the Membership pages that I wanted logged-in users to have access to, but the images wouldn't show up in them! It turns out that no matter what I tried I couldn't set a relative path to the images from within the Members folder.

老问题,但我遇到了同样的问题,并找到了答案。我为会员页面创建了一个新文件夹,我希望登录用户可以访问,但图像不会显示在其中!事实证明,无论我尝试什么,我都无法在Members文件夹中设置图像的相对路径。

The problem was the html image (as far as I could tell anyway, correct me if I'm wrong). I swapped it out for an asp:image with a relative path and now it works great. My new code: asp:image runat="server" id="Logo" ImageUrl="~/Images/logo.jpg"

问题是html图像(据我所知,如果我错了,请纠正我)。我把它换成了一个带有相对路径的asp:image,现在效果很好。我的新代码:asp:image runat =“server”id =“Logo”ImageUrl =“〜/ Images / logo.jpg”

Notice the ' ~/ ', that wouldn't work for me with I tried: img src="../Images/logo.jpg", img src="~/Images/logo.jpg", img src="/Images/logo.jpg", etc. to no avail.

请注意'〜/',这对我来说不适合我试过:img src =“../ Images / logo.jpg”,img src =“〜/ Images / logo.jpg”,img src =“/ Images / logo.jpg“等等无济于事。

Hope this answer helps someone solve this problem more quickly in the future.

希望这个答案有助于将来更快地解决这个问题。

#5


1  

Try browsing the image file directly and see if that comes up for an anonymous user. In IIS 7, there is a way in which you can authorize anonymous users directly from your UI [which in turn would create the web.config if it doesn't exist].

尝试直接浏览图像文件,看看是否出现匿名用户。在IIS 7中,有一种方法可以直接从UI中授权匿名用户[如果不存在,则会创建web.config]。

Folder -> .NET Authorization Rules -> Add Allow Rule

文件夹 - > .NET授权规则 - >添加允许规则

#6


0  

Are you using membership framework. I suspect that you have misconfigured your permission settings in web.config and your images folder is only allowing authorised requests. This can be easily change via web.config. Just remove the folder name from your authorised section and this should solve the problem.

您使用的是会员框架吗?我怀疑您在web.config中错误配置了权限设置,而您的images文件夹只允许授权请求。这可以通过web.config轻松更改。只需从您的授权部分删除文件夹名称,这应该可以解决问题。

For your reference this should be the section in web.config if you are using membership framework :

如果您使用的是成员资格框架,那么您应该参考web.config中的部分:

 <authorization>
  <deny roles="xyz" />
</authorization>

#7


0  

We came across the same problem in our project and found a solution, although we are not sure about the reasons of this behaviours.

我们在项目中遇到了同样的问题并找到了解决方案,尽管我们不确定这种行为的原因。

We had a similar scenario, with a folder containing all our png images. Our marketing colleague wanted to rename some of them, so to make it easier for her, we shared (this might be the key) that folder, granting read/writer rights to her.

我们有一个类似的场景,一个包含所有png图像的文件夹。我们的营销同事想要重命名其中一些,所以为了让她更容易,我们共享(这可能是关键)该文件夹,授予她读/写权限。

From this point, the images started behaving as you describe, requiring authorization for being accessed. No unauthorized user could see them any more.

从这一点开始,图像开始按照您的描述运行,需要授权才能访问。没有未经授权的用户可以再看到它们。

We realized that the problem was related to sharing the folder because it started happening at that point of time. Otherwise we still don't see any relationship among ASP.NET MVP user authorization/login and hard disk user rights. We could have expected an IO Exception or something similar, but not this behaviour.

我们意识到问题与共享文件夹有关,因为它在那个时间点开始发生。否则,我们仍然看不到ASP.NET MVP用户授权/登录和硬盘用户权限之间的任何关系。我们本可以预料到IO异常或类似的东西,但不是这种行为。

After checking the folder, and comparing with other folders, we realized that after sharing, the permissions on the folder had slightly changed. Mainly they did not inherit from its parent folder anymore and some permissions such as CREATOR OWNER and MACHINE_NAME\Users had dissapeared (although IUSR and the app pool user were still there).

检查文件夹,并与其他文件夹进行比较后,我们意识到共享后,文件夹的权限略有变化。主要是他们不再继承其父文件夹,并且CREATOR OWNER和MACHINE_NAME \ Users等权限已经消失(尽管IUSR和应用程序池用户仍在那里)。

So, we renamed that folder, created a new one with the same name, and copied the content from the old folder to the new one. The new folder had the permissions inherited from its parent and everything started to work perfectly again.

因此,我们重命名该文件夹,创建一个具有相同名称的新文件夹,并将内容从旧文件夹复制到新文件夹。新文件夹具有从其父级继承的权限,一切都开始完美地工作。

It solved our problem, but we are still not sure why this all happened this way.

它解决了我们的问题,但我们仍然不确定为什么这一切都是这样发生的。

Regards

问候