In my ASP.NET's Web Config file I have the following location elements defined:
在我的ASP.NET的Web Config文件中,我定义了以下位置元素:
<location path="">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="dir1">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="dir2">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
The example above is specifying that all directories will be locked down to anonymous users except the two directories dir1 and dir2.
上面的示例指定除了两个目录dir1和dir2之外,所有目录都将被锁定到匿名用户。
I'm curious if there is a syntax that I can use that will allow me to define more than one directory within one location element. For example, it would be convenient if we could do something like this...
我很好奇是否有我可以使用的语法,这将允许我在一个位置元素中定义多个目录。例如,如果我们可以做这样的事情会很方便......
<location path="dir1,dir2,etc">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
3 个解决方案
#1
14
sorry, but path property doesn't allow to use "," so you must write tag for all path, Or you can create web.config in each directory.
抱歉,但path属性不允许使用“,”因此您必须为所有路径编写标记,或者您可以在每个目录中创建web.config。
#2
36
You cannot specify multiple elements in the path attribute, but you can make use of the configSource attribute.
您不能在path属性中指定多个元素,但可以使用configSource属性。
For example, the following original web.config file:
例如,以下原始web.config文件:
<?xml version="1.0"?>
<configuration>
<location path="form1.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form2.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form3.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form4.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="form5.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="form6.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Can be replaced by the following equivalent web.config, allow.config, and deny.config files:
可以使用以下等效的web.config,allow.config和deny.config文件替换:
web.config
web.config中
<?xml version="1.0"?>
<configuration>
<location path="form1.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form2.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form3.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form4.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
<location path="form5.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
<location path="form6.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
</configuration>
allow.config
allow.config
<?xml version="1.0"?>
<authorization>
<allow users="*"/>
</authorization>
deny.config
deny.config
<?xml version="1.0"?>
<authorization>
<deny users="*"/>
</authorization>
The usefulness of this approach increases as the number of allow/deny rules in each section increases.
随着每个部分中允许/拒绝规则的数量增加,此方法的有用性也会增加。
#3
0
it is possible to set path to a specific folder. For example we have some aspx pages:
可以设置特定文件夹的路径。例如,我们有一些aspx页面:
- /data/pages/form1.aspx
- /data/pages/form1.aspx
- /data/pages/form2.aspx
- /data/pages/form2.aspx
- /data/pages/form3.aspx
- /data/pages/form3.aspx
By creating this rule in web.config:
通过在web.config中创建此规则:
<location path="data/pages">
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Frame-Options" />
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>
All resources in data/pages will be affected.
数据/页面中的所有资源都将受到影响。
#1
14
sorry, but path property doesn't allow to use "," so you must write tag for all path, Or you can create web.config in each directory.
抱歉,但path属性不允许使用“,”因此您必须为所有路径编写标记,或者您可以在每个目录中创建web.config。
#2
36
You cannot specify multiple elements in the path attribute, but you can make use of the configSource attribute.
您不能在path属性中指定多个元素,但可以使用configSource属性。
For example, the following original web.config file:
例如,以下原始web.config文件:
<?xml version="1.0"?>
<configuration>
<location path="form1.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form2.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form3.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form4.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="form5.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="form6.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Can be replaced by the following equivalent web.config, allow.config, and deny.config files:
可以使用以下等效的web.config,allow.config和deny.config文件替换:
web.config
web.config中
<?xml version="1.0"?>
<configuration>
<location path="form1.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form2.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form3.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form4.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
<location path="form5.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
<location path="form6.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
</configuration>
allow.config
allow.config
<?xml version="1.0"?>
<authorization>
<allow users="*"/>
</authorization>
deny.config
deny.config
<?xml version="1.0"?>
<authorization>
<deny users="*"/>
</authorization>
The usefulness of this approach increases as the number of allow/deny rules in each section increases.
随着每个部分中允许/拒绝规则的数量增加,此方法的有用性也会增加。
#3
0
it is possible to set path to a specific folder. For example we have some aspx pages:
可以设置特定文件夹的路径。例如,我们有一些aspx页面:
- /data/pages/form1.aspx
- /data/pages/form1.aspx
- /data/pages/form2.aspx
- /data/pages/form2.aspx
- /data/pages/form3.aspx
- /data/pages/form3.aspx
By creating this rule in web.config:
通过在web.config中创建此规则:
<location path="data/pages">
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Frame-Options" />
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>
All resources in data/pages will be affected.
数据/页面中的所有资源都将受到影响。