窗体身份验证 - Web.Config中的子文件夹不工作 [英] Forms Authentication - Subfolder Web.Config not working
问题描述
我需要在我的网站的区域,只有特定的用户可以查看。
I need an area in my website where only certain users can view.
我所做的就是创建一个视频文件夹。根据该foler我的文件夹
一位名为Login和另一种叫WatchVid。在登录文件夹中我有一个名为的Login.aspx页。一旦用户登录在便会进入到/WatchVid/Watch.aspx
下面是一个重新presentation:
What I did was create a Video folder. Under that foler I have folders One called Login and the other called WatchVid. In the Login folder I have a page called Login.aspx. Once the user logins in they will then go to /WatchVid/Watch.aspx Below is a representation:
Video Folder
|
|
----> Login Folder
| |
| |
| ---> Login.aspx
|
----> WatchVid Folder
|
|
--->Watch.aspx
我在我的WatchVid以下Web配置文件中只允许有VidUser角色查看的页面:
I have the following web config file in my WatchVid to only allow roles that have VidUser to view the page:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles="VidUser" />
<deny users="?" />
</authorization>
</system.web>
</configuration>
我所发现的是,即使我改变:
What I am finding is that even if I change:
<allow roles="VidUser" />
To:
<allow roles="VidUser1" />
我仍然可以得到这个Watch.aspx页 即使的我没有VidUser1的作用。
I can still get to this the Watch.aspx page even though I do not have a role of VidUser1.
我是不是做错了什么?
正如下面一提的是在code我使用,一旦用户登录他们的用户ID,密码:
Just as a reference below is the code I use once the user logins in with their userid, pwd:
protected void btnLogin_Click(object sender, EventArgs e)
{
if (Roles.IsUserInRole(txtUserName.Text, "StreamingUser"))
{
const string url = "~/Video/WatchVid/Watch.aspx";
Response.Redirect(url);
}
斯蒂芬,我有我的根web.config页以下,但仍让我得到了Watch.aspx页:
Stephan, I have the following in my root web.config page but still letting me get to the Watch.aspx page:
<location path="Video/WatchVid">
<system.web>
<authorization>
<allow roles="StreamingUser1dfdfdfd" />
<deny users="?" />
</authorization>
</system.web>
</location>
请注意我是如何创建StreamingUser1dfdfdfd的虚拟角色只是检查出来。我仍然能够获得到Watch.aspx页面。
Note how I created a dummy role of StreamingUser1dfdfdfd just to check it out. I am still able to get to the Watch.aspx page.
麦克:
我有我的下夹WatchVid以下,但得到访问错误,当我用*做到这一点 - 你知道吗?
I have the following under my WatchVid folder but getting access error when I do it with * - Any idea? :
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles="StreamingUser" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
我得到以下信息:
的未经授权:登录失败,服务器配置。验证您是否有权查看根据您提供的凭据和Web服务器上启用的身份验证方法该目录或页面。获取更多帮助联系Web服务器的管理员。的
请记住,这仍然有效:
protected void btnLogin_Click(object sender, EventArgs e)
{
if (Roles.IsUserInRole(txtUserName.Text, "StreamingUser"))
{
const string url = "~/Video/WatchVid/Watch.aspx";
Response.Redirect(url);
}
但现在不会让我通过向Watch.aspx页面,我得到一个错误。
But now it will not let me through to the Watch.aspx page as I get an error.
推荐答案
您会想更改
<deny users="?"/>
到
<deny users="*"/>
* 意味着它被拒绝给大家。那么你的允许角色让在合适的岗位。
* means it is denied to everyone. Then your allow roles lets in the right roles.
?意味着它被拒绝未经授权的用户。既然你验证,你没有拒绝。
? means it is denied to unauthenticated users. Since you are authenticated, you aren't denied.
这篇关于窗体身份验证 - Web.Config中的子文件夹不工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
