基于表单的身份验证 [英] forms-based authentication
问题描述
我正在尝试在我的网站上实现基于表单的身份验证,因此一些
目录将有web.config文件,这将拒绝某些用户,基于
on我遇到的问题是它只有asp.net文件(或者
扩展名映射到aspnet_isapi.dll的文件)才是
安全。
我找到的解决方案是将我保存在我的安全
目录中的所有扩展名映射到aspnet_isapi.dll。 br />
我打算映射.NET要处理的.htm,* .exe和* .shtm文件。
它会如何影响网站的表现?还有另一种方式
达到同样的目的吗?
谢谢,
Vic
我在最近的一个项目中通过将其他文件放在一个私人的
目录中完成了这个。
然后当我需要发送时给用户的一个文件,我会使用
Response.WriteFile从私人目录中获取文件并将其输出到用户的
。当然,ASPNET用户帐户需要读取访问
私人目录。
我使用的代码与此类似:
Response.Clear() ;
Response.AddHeader(" Content-Disposition"," inline; filename = myfile.doc");
Response.WriteFile(" c:\ privatedir\myfile.doc");
-
我希望这会有所帮助,
Steve C. Orr,MCSD ,MVP
http://Steve.Orr.net
在 http://www.able-consulting.com <上招聘顶尖开发人员a>
" Vic" < RO **** @ gat.com>在消息中写道
news:uB ************** @ TK2MSFTNGP12.phx.gbl ...我正在尝试实施基于表单的身份验证在我的网站上,所以
一些目录会有web.config文件,这将拒绝某些用户,基于角色等等。我遇到的问题是它只是asp .net文件
(或扩展名映射到aspnet_isapi.dll的文件)是
被保护的文件。
我找到的解决方案是映射所有扩展名I请将我的安全
目录保存到aspnet_isapi.dll。
我打算将.htm,* .exe和* .shtm文件映射为
处理..净。它将如何影响网站的性能?是否还有另一种
的方式来实现同样的目标?
谢谢,
Vic
< BLOCKQUOTE>"维克" < RO **** @ gat.com>在消息中写道
news:uB ************** @ TK2MSFTNGP12.phx.gbl ...
我正在尝试实施基于表单的身份验证在我的网站上,所以
一些目录会有web.config文件,这将拒绝某些用户,基于角色等等。我遇到的问题是它只是asp .net文件
(或扩展名映射到aspnet_isapi.dll的文件)是
被保护的文件。
我找到的解决方案是映射所有扩展名I请将我的安全
目录保存到aspnet_isapi.dll。
我打算将.htm,* .exe和* .shtm文件映射为
处理..净。它将如何影响网站的性能?还有另一种
的方式来实现同样的目的吗?
了解它的表现方式的唯一方法就是尝试它。
作为一般性陈述,请考虑它不应该比处理ASP.NET文件的性能更差,因为ASP.NET文件必须处理执行
代码甚至可能编译它。
需要注意的一点是:ASP.NET用于这些
文件类型的StaticFileHandler似乎在发送之前将整个文件读入内存。
这对于大文件来说可能是一个问题...
-
John
谢谢,John。
我认为这不是一个好主意,因为有些文件超过了
20MB ...
我可能会使用史蒂夫的方法:
Response.WriteFile(" c:\ privatedir \ myfile.doc");
当然,这也可以加载文件记忆首先...
谢谢,
维克
John Saunders < john.saunders at surfcontrol.com>在消息中写道
news:%2 **************** @ TK2MSFTNGP12.phx.gbl ..."维克" < RO **** @ gat.com>在消息中写道
新闻:uB ************** @ TK2MSFTNGP12.phx.gbl ...我正在尝试实现基于表单的我的网站上的身份验证,所以一些目录将有web.config文件,这将拒绝某些用户,
基于角色等。我遇到的问题是它只是asp .net文件
(或扩展名映射到aspnet_isapi.dll的文件是
安全。
我找到的解决方案是将我保存在
安全目录中的所有扩展名映射到aspnet_isapi.dll。
我我计划映射.htm,* .exe和* .shtm文件,由
.NET处理。它将如何影响网站的性能?还有另一种
方式实现同样的目的吗?
了解其执行方式的唯一方法是尝试它。
作为一般性陈述,请考虑它不应该比处理ASP.NET文件的性能更差,因为ASP.NET文件必须处理执行代码有一点需要注意:ASP.NET使用的StaticFileHandler
这些文件类型似乎读取整个文件在发送
之前进入内存。对于大文件来说这可能是一个问题......
-
约翰
I am trying to implement a forms-based authentication on my website, so some
directories will have web.config file which will deny certain users, based
on role, etc. The problem I encountered is that it''s only asp.net files (or
the files with the extension mapped to aspnet_isapi.dll) are the ones being
secured.
The solution I found is to map all of the extension I''d keep in my secured
directory to aspnet_isapi.dll.
I am planning to map .htm, *.exe, and *.shtm files to be processed by .NET.
How is it going to affect the performance of the site? Is there another way
of achieving the same thing?
Thanks,
Vic
I accomplished this in a recent project by putting other files in a private
directory.
Then when I needed to send one of the files to the user, I''d use
Response.WriteFile to grab the file from the private directory and output it
to the user. Of couse the ASPNET user account needs read access to the
private directory.
I used code similar to this:
Response.Clear();
Response.AddHeader("Content-Disposition","inline;filename=myfile.doc");
Response.WriteFile("c:\privatedir\myfile.doc");
--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com
"Vic" <ro****@gat.com> wrote in message
news:uB**************@TK2MSFTNGP12.phx.gbl...I am trying to implement a forms-based authentication on my website, so some directories will have web.config file which will deny certain users, based
on role, etc. The problem I encountered is that it''s only asp.net files (or the files with the extension mapped to aspnet_isapi.dll) are the ones being secured.
The solution I found is to map all of the extension I''d keep in my secured
directory to aspnet_isapi.dll.
I am planning to map .htm, *.exe, and *.shtm files to be processed by ..NET. How is it going to affect the performance of the site? Is there another way of achieving the same thing?
Thanks,
Vic
"Vic" <ro****@gat.com> wrote in message
news:uB**************@TK2MSFTNGP12.phx.gbl...I am trying to implement a forms-based authentication on my website, so some directories will have web.config file which will deny certain users, based
on role, etc. The problem I encountered is that it''s only asp.net files (or the files with the extension mapped to aspnet_isapi.dll) are the ones being secured.
The solution I found is to map all of the extension I''d keep in my secured
directory to aspnet_isapi.dll.
I am planning to map .htm, *.exe, and *.shtm files to be processed by ..NET. How is it going to affect the performance of the site? Is there another way of achieving the same thing?
The only way to find out how it performs is to try it.
As a general statement, consider that it shouldn''t be any worse than the
performance of processing ASP.NET files, which have to deal with executing
code and possibly even compiling it.
One thing to be aware of: the StaticFileHandler which ASP.NET uses for these
file types seems to read the entire file into memory before sending it out.
This can be an issue for huge files...
--
John
Thanks, John.
I think it''s not such a hot idea, since some of the files are more than
20MB...
I''ll probably use Steve''s approach:
Response.WriteFile("c:\privatedir\myfile.doc");
Of course, this could also load the file in the memory first...
Thanks,
Vic
"John Saunders" <john.saunders at surfcontrol.com> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl..."Vic" <ro****@gat.com> wrote in message
news:uB**************@TK2MSFTNGP12.phx.gbl...I am trying to implement a forms-based authentication on my website, so somedirectories will have web.config file which will deny certain users, based on role, etc. The problem I encountered is that it''s only asp.net files
(orthe files with the extension mapped to aspnet_isapi.dll) are the ones
beingsecured.
The solution I found is to map all of the extension I''d keep in my secured directory to aspnet_isapi.dll.
I am planning to map .htm, *.exe, and *.shtm files to be processed by
.NET.How is it going to affect the performance of the site? Is there another
wayof achieving the same thing?
The only way to find out how it performs is to try it.
As a general statement, consider that it shouldn''t be any worse than the
performance of processing ASP.NET files, which have to deal with executing
code and possibly even compiling it.
One thing to be aware of: the StaticFileHandler which ASP.NET uses for
these file types seems to read the entire file into memory before sending it out. This can be an issue for huge files...
--
John
这篇关于基于表单的身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
