I am new to ASP.NET, so forgive me if this is simple.
我是新到ASP。净,所以请原谅我如果这很简单。
I am trying to deny access to my 'Admin' folder via web.config. I looked at another answer to a similar question and they recommend using the <location> folder, however when I insert "Admin/" into the path I get the following error:
我试图拒绝通过web.config访问我的“Admin”文件夹。我查看了另一个类似问题的答案,他们建议使用
path attribute must be a relative virtual path. It cannot start with any of ' ' '.' '/' or '\'. C:\Personal\Projects\OliverSalon\web.config
路径属性必须是相对虚路径。它不能以任何“”开头。“/”或“\”。C:\个人\ \ OliverSalon \ web . config的项目
I have tried placing "Admin", "/Admin" & "Admin/"
我试过把“Admin”、“/ Admin”&“Admin /”
<configuration>
<connectionStrings>
<add name="OliverSalonConnectionString1" connectionString="Data Source=localhost;Initial Catalog=OliverSalon;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="false" targetFramework="4.0" />
<authentication mode="Forms">
<forms name="Oliver" loginUrl="Login.aspx" path="/" timeout="20">
<credentials passwordFormat="Clear">
<user name="OliverSalon" password="cuts"/>
</credentials>
</forms>
</authentication>
<authorization >
<deny users="?"/>
</authorization>
</system.web>
<location path="/Admin">
<system.webServer>
<directoryBrowse enabled="false"/>
</system.webServer>
</location>
1 个解决方案
#1
23
This is way back from my web form days.
这是我从网络时代回来的方式。
Place a web.config in your admin folder.
一个网络。配置管理文件夹。
The contents should be:
内容应该是:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="admin" />
<deny users ="*" />
</authorization>
</system.web>
</configuration>
** EDIT to answer your question If you set the login url the framework will automatically send you to the login page if an unauthorized user tries to access your admin folder.
** *编辑以回答您的问题如果您设置了登录url,如果未经授权的用户试图访问您的管理文件夹,框架将自动将您发送到登录页面。
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="20" slidingExpiration="true" cookieless="AutoDetect" protection="All" requireSSL="false" enableCrossAppRedirects="false" defaultUrl="Default.aspx" path="/"/>
</authentication>
#1
23
This is way back from my web form days.
这是我从网络时代回来的方式。
Place a web.config in your admin folder.
一个网络。配置管理文件夹。
The contents should be:
内容应该是:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="admin" />
<deny users ="*" />
</authorization>
</system.web>
</configuration>
** EDIT to answer your question If you set the login url the framework will automatically send you to the login page if an unauthorized user tries to access your admin folder.
** *编辑以回答您的问题如果您设置了登录url,如果未经授权的用户试图访问您的管理文件夹,框架将自动将您发送到登录页面。
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="20" slidingExpiration="true" cookieless="AutoDetect" protection="All" requireSSL="false" enableCrossAppRedirects="false" defaultUrl="Default.aspx" path="/"/>
</authentication>