ASP.NET Web服务内部窗体身份验证的应用 [英] ASP.NET Web Service inside Forms Authentication Application
问题描述
我有一个实现窗体身份验证站点范围内现有的ASP.NET应用程序。的应用程序被部署在多个实例(例如,customer1表,customer2表,测试,偏差,等等),每个实例中的单独的数据库中。 SSL是在发挥作用。实例配置是通过一个XML配置文件。
我有一个新的规定,允许某些数据,我想实现作为公共Web服务的上传/下载。
我最初的想法是在这里有选择性地禁用表格应用程序的子目录(例如,〜/服务)身份验证,然后通过SOAP头或类似的。
做认证不过,我没有找到一个方法来选择性地禁用窗体身份验证。
问:有没有办法做到这一点?我试着在<地点>标签中的web配置无济于事。
如果没有,你有什么了解如何设置此建议?我能想到的下列选项:
1)在我的解决方案创建一个新的服务项目,然后配置在每个实例目录中的一个单独的IIS ASP.NET应用程序。 (临:轻松访问实例配置,这可能在未来需要的体质:每个相关实例配置的负担)。
2)创建一个引用所需的组件从应用解决方案一个单独的服务解决方案,并主持它作为一个单独的ASP.NET应用程序。然后,查找根据SOAP头提供的用户名的数据库连接字符串。 (临:单一的应用程序在IIS中配置精读:不容易获得的实例配置)
3)??
澄清:我没有看到答案在这里:<一href=\"http://stackoverflow.com/questions/941909/override-asp-net-forms-authentication-for-a-single-page/941923#941923\">Override ASP.NET表单验证单个页面,而是使用了位置标签是没有帮助(用于Web服务请求仍然重定向)。在我的web.config中的相关章节是这样的:
&LT;&的System.Web GT;
&LT;身份验证模式=表格&GT;
&LT;形式loginUrl =的Login.aspx/&GT;
&LT; /认证&GT;
&LT;授权&GT;
&LT;拒绝用户= /&gt的帮助?
&LT;让用户=*/&GT;
&LT; /授权&GT;
&LT; /system.web>&LT;位置路径=〜/服务/ MyService.asmx&GT;
&LT;&的System.Web GT;
&LT;身份验证模式=无/&GT;
&LT;授权&GT;
&LT;让用户=*/&GT;
&LT; /授权&GT;
&LT; /system.web>
&LT; /地点&gt;
我想了位置标签会的工作,在那里你指定services文件夹,并允许所有用户,是这样的:
&LT;位置路径=服务&GT;
&LT;&的System.Web GT;
&LT;授权&GT;
&LT;让用户=*/&GT;
&LT; /授权&GT;
&LT; /system.web>
&LT; /地点&gt;
但你说,没有工作,你有没有试图把web.config文件中services文件夹和禁用窗体身份验证,并允许所有用户在该文件中?
I have an existing ASP.NET application that implements Forms Authentication site-wide. The application is deployed in multiple instances (e.g., customer1, customer2, test, dev, etc...), with a separate database per instance. SSL is in play. Instance configuration is via an XML config file.
I have a new requirement to allow upload/download of certain data, which I would like to implement as a public web service.
My initial thought here was to selectively disable forms authentication for a subdirectory of the application (e.g., ~/Services), and then do authentication via a SOAP header or similar.
However, I'm not finding a way to selectively disable forms auth.
Question: Is there a way to do this? I've tried the <location> tag in web config to no avail.
If not, what are your recommendations for how to set this up? I can think of the following options:
1) Create a new "Services" project in my solution, and then configure a separate IIS ASP.NET application on that directory in each instance. (Pro: easy access to instance configuration, which may be needed in the future. Con: configuration burden for each relevant instance).
2) Create a separate "Services" solution that references needed assemblies from the application solution and host it as a separate ASP.NET application. Then, lookup the db connection string based on the UserName provided in SOAP Header. (Pro: single app to configure in IIS. Con: No easy access to instance config.)
3) ??
Clarification: I did see the answer here: Override ASP.NET forms authentication for a single page, but the use of a location tag is not helping (requests for the web service are still redirected). The relevant sections in my web.config look like this:
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
<location path="~/Services/MyService.asmx">
<system.web>
<authentication mode="None" />
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
I would think the location tag would work, where you specify the services folder and allow all users, something like:
<location path="services">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
But you said that didn't work, have you tried putting a web.config file in the services folder and disabling forms authentication and allowing all users in that file?
这篇关于ASP.NET Web服务内部窗体身份验证的应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!