IIS 7如何保留网站子文件夹身份验证设置 [英] IIS 7 how to preserve website subfolder Authentication settings
问题描述
在IIS中,您可以使用功能"视图来设置文件夹级别的设置(请参见屏幕截图).我想为我的网站的几个子文件夹禁用匿名身份验证,然后将这些设置保存到源代码管理中.我想知道IIS在哪里保存这些设置.它们不在网站web.config或子文件夹内的web.config中.无论如何,我可以将IIS设置与源代码一起保存,还是必须在每次重新部署时执行这些任务?
In IIS you can set folder-level settings using the Features view (see screenshot). I want to disable Anonymous authentication for several subfolders of my website and save those settings to source control. I want to know where does IIS save these settings. They are not in the website web.config or the web.config inside subfolders. Is there anyway I can save the IIS settings with the source code or do I have to perform these tasks with each fresh deployement?
推荐答案
将以下内容添加到您要保护的每个文件夹的根web.config中:
Add the following to your root web.config for each folder you want to secure:
<location path="secure_folder">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
以上内容假设您使用的是基本身份验证.
The above assumes that you're using Basic Authentication.
或者在每个子文件夹中创建一个web.config,用几乎相同的方式进行保护(不带<location>标记的除外:
Alternatively create a web.config in each sub folder to be secured with pretty much the same (except without the <location> tag:
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
如果收到错误,例如:
执行此操作时出错.
There was an error while performing this operation.
详细信息:
文件名:\?\ d:\ sites \ play1 \ www \ web.config
Filename: \?\d:\sites\play1\www\web.config
行号:15
错误:无法在此路径上使用此配置部分.这 当该节被锁定在父级时发生.锁定是 默认情况下(overrideModeDefault ="Deny"),或由 具有overrideMode ="Deny"或旧版的位置标记 allowOverride ="false".
Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
这意味着<anonymousAuthentication>和<basicAuthentication>的配置设置尚未委派读取/写入权限.
Then it means that the configuration settings for <anonymousAuthentication> and <basicAuthentication> haven't been delegated Read/Write permissions.
您可以通过启动IIS管理器并打开功能委托管理器来对此进行调整:
You can adjust this by launching IIS Manager and opening the Feature Delegation manager:
执行此操作时,您将看到可以控制的功能及其委派状态的列表:
When you do this you'll see a list of features that can be controlled and their delegation state:
右键单击Authentication - Anonymous,然后选择Read/Write.对Authentication - Basic做同样的事情.
Right click on Authentication - Anonymous and select Read/Write. Do the same for Authentication - Basic.
此功能委派设置将在服务器上的所有站点上全局应用,但是可以使用自定义站点委派"将其微调到特定站点.
This feature delegation setting will be applied globally across all sites on the server, however it is possible to fine tune this to specific sites using Custom Site Delegation.
您可以在此处阅读有关IIS 7.x/8.0功能委托的更多信息:
You can read more about IIS 7.x/8.0 Feature Delegation here:
这篇关于IIS 7如何保留网站子文件夹身份验证设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
