表单身份验证问题与排除页面 [英] Form authentication issue with excluding pages
问题描述
问候我已经为我的管理目录使用了表单身份验证,并且我已经排除了我的根Webforms并且我已将其上传到主机上,现在每当我调用域时,它都希望我先进行身份验证。但是如果我调用Domain / index.aspx就可以了。我不知道如何解决这个问题。
我尝试过:
Greetings i've used Form Authentication for my Admin Directory and i've excluded my root Webforms and i've uploaded it on Host, now whenever i call the domain, it wants me to Authenticate first. but if i call Domain/index.aspx for example it works. i dont know how to fix this issue.
What I have tried:
<system.web>
<machineKey validationKey="74222414ADCEF7AD77EBDDEEF79D2ED08F23BBA5BE82154DF47135ACF39F60F29CFA095BE6B707799DF70A53BFA4B43D336789D552DBC4D9542C6F97DFC12256" decryptionKey="25D197E2D9E761C61CAB460F3F67936FF569394BDB7C48C6B02DB2C71B306EA0" validation="SHA1" decryption="AES" />
<pages validateRequest="false" />
<!--<customErrors mode="On">
<error statusCode="404" redirect="~/error/default.html" />
</customErrors>-->
<authentication mode="Forms">
<forms name="MyAppCookie" loginUrl="~/Admin/Login.aspx" protection="All" timeout="120" defaultUrl="~/Admin/Default.aspx" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
<location path="Index.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Contactus.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Blogdetails.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Blog.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Aboutus.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
推荐答案
再次查看您的配置。你告诉它你的应用程序中的每个URL 除了Index.aspx,Contactus.aspx,Blogdetails.aspx,Blog.aspx和Aboutus.aspx需要身份验证。
当您请求应用程序的根目录时,URL不包含任何这些页面,因此请求需要身份验证。
更改配置,拒绝匿名访问您要保护的页面和文件夹。
Look at your configuration again. You've told it that every URL in your application exceptIndex.aspx,Contactus.aspx,Blogdetails.aspx,Blog.aspxandAboutus.aspxrequires authentication.
When you request the root of your application, the URL does not contain any of those pages, so the request requires authentication.
Change the configuration around, and deny anonymous access to the pages and folders you want to protect.
<system.web>
<machineKey ... />
<pages validateRequest="false" />
<authentication mode="Forms">
<forms name="MyAppCookie" loginUrl="~/Admin/Login.aspx" protection="All" timeout="120" defaultUrl="~/Admin/Default.aspx" />
</authentication>
<!-- NB: Remove the <authorization> element here... -->
</system.web>
<!-- Now deny anonymous access to any pages / folders you want to protect: -->
<location path="admin">
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
对于文件夹,您还可以使用授权规则在文件夹中创建 web.config 文件,不使用location元素:
For folders, you could also create a web.config file within the folder with the authorization rules, without using the location element:
<!-- /admin/web.config -->
<configuration>
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</configuration>
注意:您应该从不将< machineKey> 详细信息发布到公共论坛。这些是私人加密密钥,允许任何人入侵您的网站。您应该尽快更改这些密钥!
NB: You should never post your <machineKey> details to a public forum. Those are private encryption keys, which would allow anyone to hack into your site. You should change those keys ASAP!
这篇关于表单身份验证问题与排除页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
