asp.net授权问题授权大家 [英] asp.net authorization problem authorizes everyone
问题描述
所以我得到了 2 个 .aspx 文件.一种称为登录,一种称为默认.这个想法是当您启动应用程序时,您将被踢到登录屏幕.我在 default.aspx.vb 文件中使用以下代码执行此操作:
Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)如果(HttpContext.Current.User.Identity.IsAuthenticated = False)那么Response.Redirect("登录.aspx")万一结束子
问题是您总是出于某种原因进行身份验证.它总是返回真.我的网络配置文件如下所示:
<预><代码><配置><应用设置><add key="strConn" value="EDITED"/></appSettings><location path="~/Styles"><system.web><customErrors 模式 ="关闭"></customErrors><认证模式=表单"><表格名称=".ASPXAUTH"loginUrl="登录.aspx"保护=全部"超时=30"路径="/"></表格></认证><授权><拒绝用户=?"/><allow users="*"/></授权><compilation debug="true" strict="false" explicit="true" targetFramework="4.0"><组件><add assembly="Microsoft.Data.Odbc, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/><add assembly="system.web.security"/></组件></编译></system.web></位置></配置>我试过也没有改变任何东西.用户通过数据库进行身份验证.目前我在 Visual Studio 中运行该程序,而不是在我的网站上.通过数据库检查用户后,我使用以下代码:
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, chkPersistCookie.Checked)
那么知道为什么人们总是获得授权吗?
我认为问题在于位置标记.您只是将这些规则应用于 Styles 目录,而不是整个网站.
So I got 2 .aspx files. One called login and one called default. The idea is that when you start up the application you will be kicked to the Login screen. I'm doing this with the following code in the default.aspx.vb file:
Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
If (HttpContext.Current.User.Identity.IsAuthenticated = False) Then
Response.Redirect("Login.aspx")
End If
End Sub
Problem is that you're always authenticated for some reason. It always returns true. My web Config file looks like this:
<configuration>
<appSettings>
<add key="strConn" value="EDITED"/>
</appSettings>
<location path="~/Styles">
<system.web>
<customErrors mode ="Off">
</customErrors>
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="Login.aspx"
protection="All"
timeout="30"
path="/">
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
<assemblies>
<add assembly="Microsoft.Data.Odbc, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="system.web.security"/>
</assemblies>
</compilation>
</system.web>
</location>
</configuration>
I've tried with aswell didn't change anything. The users gets authenticated through a database. Currently I am running the program in Visual studio, not on my website. When the users has been checked through the database I use this code:
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, chkPersistCookie.Checked)
So any idea why people are always authorized?
I think the problem is the location tag. You're only applying these rules to the Styles directory, not the entire site.
这篇关于asp.net授权问题授权大家的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!