I'm supporting a site that still uses mixed ASP.NET and ASP Classic. The user receives a 'You are not authorized' error page while accessing certain ASP Classic page. I've checked her active directory account and she could access other pages in the said site. Can it be attributed to classic ASP or to IIS?
我支持一个仍然使用混合ASP.NET和ASP Classic的网站。用户在访问某些ASP Classic页面时收到“您未经授权”错误页面。我检查了她的活动目录帐户,她可以访问该网站中的其他页面。可以归结为经典ASP还是IIS?
3 个解决方案
#1
2
ASP is entirely dependent on the underlying IIS and the OS for security. It has none of its own. In ASP you access Request.ServerVariables("AUTH_USER"), etc. when the connection is authenticated, but this is done by IIS.
ASP完全依赖于底层IIS和操作系统的安全性。它没有自己的。在ASP中,您在连接通过身份验证时访问Request.ServerVariables(“AUTH_USER”)等,但这是由IIS完成的。
#2
2
ASP Classic is a very simple framework. I cannot imagine it has its own security framework (I assume that means user authentication, etc.) unless it was programmed into the application itself.
ASP Classic是一个非常简单的框架。我无法想象它有自己的安全框架(我认为这意味着用户身份验证等),除非它被编程到应用程序本身。
#3
1
You can force ASP to use the ASP.NET authentication by making a few changes in IIS so ASP files are using the aspnet_isapi.dll just like the asp.net pages.
您可以通过在IIS中进行一些更改来强制ASP使用ASP.NET身份验证,这样ASP文件就像asp.net页面一样使用aspnet_isapi.dll。
Scott Guthrie published an article about this Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs
Scott Guthrie发表了一篇关于此提示/技巧的文章:将ASP.NET安全性与经典ASP和非ASPP.NET URL集成
Once you make this change classic asp pages can be protected just as asp.net pages using the standard asp.net security features.
一旦你做了这个改变,经典的asp页面就可以像使用标准的asp.net安全功能的asp.net页面一样受到保护。
#1
2
ASP is entirely dependent on the underlying IIS and the OS for security. It has none of its own. In ASP you access Request.ServerVariables("AUTH_USER"), etc. when the connection is authenticated, but this is done by IIS.
ASP完全依赖于底层IIS和操作系统的安全性。它没有自己的。在ASP中,您在连接通过身份验证时访问Request.ServerVariables(“AUTH_USER”)等,但这是由IIS完成的。
#2
2
ASP Classic is a very simple framework. I cannot imagine it has its own security framework (I assume that means user authentication, etc.) unless it was programmed into the application itself.
ASP Classic是一个非常简单的框架。我无法想象它有自己的安全框架(我认为这意味着用户身份验证等),除非它被编程到应用程序本身。
#3
1
You can force ASP to use the ASP.NET authentication by making a few changes in IIS so ASP files are using the aspnet_isapi.dll just like the asp.net pages.
您可以通过在IIS中进行一些更改来强制ASP使用ASP.NET身份验证,这样ASP文件就像asp.net页面一样使用aspnet_isapi.dll。
Scott Guthrie published an article about this Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs
Scott Guthrie发表了一篇关于此提示/技巧的文章:将ASP.NET安全性与经典ASP和非ASPP.NET URL集成
Once you make this change classic asp pages can be protected just as asp.net pages using the standard asp.net security features.
一旦你做了这个改变,经典的asp页面就可以像使用标准的asp.net安全功能的asp.net页面一样受到保护。