使用窗体身份验证/授权使用的URL重写 [英] Using Forms Authentication/Authorization with Rewritten URLs

问题描述

我在做一些网址重写（例如，从斯科特Guthrie的博客取）快速测试沙盒和表单验证/授权。

I'm doing a quick sandbox test with some Rewritten URLs (example taken from Scott Guthrie's blog) and Forms Authentication / Authorization.

我有一个非常简单的设置。

I've a very simple setup.

~/View/(\d{1,6})      =>      ~/Public/View.aspx?ContentID=$1

和

~/Buy/(\d{1,6})       =>      ~/Private/Purchase.aspx?ContentID=$1

我已经证实了URL重写通过浏览到每一个工作下列单独

I've confirmed the URL Rewriting is working by browsing to each of the following seperately

• HTTP：//localhost/urltest/Public/View.aspx内容ID = 123456


• 的http：//本地主机/ urltest /浏览/ 123456


• HTTP：//localhost/urltest/Private/Purchase.aspx内容ID = 123456


• 的http：//本地主机/ urltest /购买/ 123456

• http://localhost/urltest/Public/View.aspx?contentID=123456
• http://localhost/urltest/View/123456
• http://localhost/urltest/Private/Purchase.aspx?contentID=123456
• http://localhost/urltest/Buy/123456

接下来，我去了，使我的窗体身份验证/授权在web.config中的2个目录。设置如下：

Next I went and enabled my Forms Authentication/Authorization for those 2 directories in the Web.Config. Setup as follows

  <location path="Private">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

这完美的作品，当我浏览到2原来的URL（在.aspx的）
但是当我浏览到URL重写版本不火的。

This works perfectly when I browse to the 2 original URLs (the .aspx's) but doesn't fire at all when I browse to the URL Rewritten versions.

我已经尝试添加＆LT;地点＆gt; 为购买单独但这仍然无法引起部分授权/认证模块中踢。

I've attempted to add <location> sections for Buy seperately but this still fails to cause the authorization/authentication module to kick in.

presumably这是因为它没有治疗这些网址作为ASPX资源......我可以通过重写规则找绕过它

Presumably this is because it isn't treating these URLs as ASPX Resources... I can get around it by making the rewriter rule look for

    <LookFor>~/Buy/(\d{1,6})\.aspx</LookFor>

即。强制重写的版本有一个ASPX底，但是这似乎只是丑陋。
反正是有得到验证处理程序，以火无论扩展名的URL类型（或缺乏有）

i.e. force the rewritten version to have an ASPX at the end, but this just seems ugly. Is there anyway to get the Auth Handlers to fire for any url type regardless of the extension (or lack there of)

推荐答案

要使用内置的身份验证，你将不得不决定是否要在原有基础上的原始的URL或改写的人进行身份验证。看来，如果你使用的URL重写是迷上了已经执行了认证之后的事件，这就是为什么只有'公共'和'私人'文件夹规则得到遵守。如果您想根据重写的URL进行身份验证，那么你就必须使用该挂接到一个较早的事件（如的BeginRequest）重写器以及与改写的URL更新你的web.config。

To use built-in auth, you will have to decide whether you want to authenticate based on the original 'raw' URLs or the rewritten ones. It appears as if the URL rewriter you're using is hooked up to an event after the authentication has already been performed, which is why only the 'Public' and 'Private' folder rules are being followed. If you want to authenticate based on the rewritten URLs, then you'll have to use a rewriter that hooks up to an earlier event (such as BeginRequest) as well as updating your web.config with the rewritten URLs.

另外，你可以插入自己的身份验证提供者，不喜欢都检查改写原来的URL花哨的东西，但是这可能矫枉过正只是沙盒测试现场。

Alternatively, you can plug-in your own authentication provider and do fancy things like checking both rewritten and original URLs, but that's probably overkill for just a sandbox test site.

请参阅本文的详细信息：

Please see this article for more information:

http://msdn.microsoft.com/en-us/library/ ms972974.aspx

我希望这有助于。

这篇关于使用窗体身份验证/授权使用的URL重写的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！