使用web。配置目录安全性和无扩展url

时间:2021-07-23 02:26:19

I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows:

我想使用内置在web中的目录安全特性。配置以限制对父页面的子页面的访问。我的结构如下:

  • Members
  • 成员
  • Members/News
  • 成员/新闻
  • Members/Press
  • 成员/新闻
  • Members/Movies
  • 成员/电影

Users should be able to have access to the members parent page, but not child pages. My problem is, because I am using extensionless URLs, the web.config thinks this is a directory and so access is blocked. Is there a way to say only restrict access for sub pages?

用户应该能够访问成员的父页面,而不是子页面。我的问题是,因为我使用的是无扩展的url, web。config认为这是一个目录,因此访问被阻塞。是否有一种方法只能限制子页面的访问?

1 个解决方案

#1

3  

This configuration should do the trick. It is enabling anonymous access for the entire website, except for the additional locations - they need an authenticated user to work.

这种配置应该可以达到目的。它支持对整个网站的匿名访问,除了其他位置——他们需要一个经过身份验证的用户来工作。

<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms loginUrl="Login" defaultUrl="Members" />
        </authentication>
        <authorization>
            <allow users="?" />
        </authorization>
    </system.web>

    <location path="Members/News">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    <location path="Members/Press">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    <location path="Members/Movies">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

</configuration>

#1

3  

This configuration should do the trick. It is enabling anonymous access for the entire website, except for the additional locations - they need an authenticated user to work.

这种配置应该可以达到目的。它支持对整个网站的匿名访问,除了其他位置——他们需要一个经过身份验证的用户来工作。

<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms loginUrl="Login" defaultUrl="Members" />
        </authentication>
        <authorization>
            <allow users="?" />
        </authorization>
    </system.web>

    <location path="Members/News">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    <location path="Members/Press">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    <location path="Members/Movies">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

</configuration>
标签:

相关文章