在不创建Web应用程序的情况下向子文件夹添加身份验证 [英] Add authentication to subfolders without creating a web application
问题描述
我们有一个现有的可公开访问的Web应用程序,其中包含用户控件,数据访问库,图形等.我们要在网站上创建一个新的安全部分,以访问一些现有资源.
We have an existing publicly accessible web application with user controls, data access libraries, graphics, etc. We want to create a new secure section of the site that accesses some of the already existing resources.
最初,我们将站点的新部分创建为虚拟目录(希望如此),以便我们可以访问父站点的资源.我们将适当的位置信息添加到了基本的web.config(身份验证和授权)中,但是我们继续看到以下错误解析器错误消息:使用超出应用程序级别注册为allowDefinition ='MachineToApplication'的部分是错误的.错误可能是由于虚拟目录未在IIS中配置为应用程序."
Initially we created the new section of the site as a virtual directory which (we hoped) would allow us to access the parent site's resources. We added the appropriate location information to the base web.config (authentication and authorization) but we continue to see the following error "Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS."
为响应该错误,我们将目录创建为新应用程序.这使我们能够正确地进行身份验证,但是具有无法访问父目录中的任何资源的缺点(因为它不在应用程序范围之内).
In response to that error we created the directory as a new application. This allows us to authenticate properly but has the drawback of not being able to access any of the resources in the parent directory (since it's outside the application scope).
在利用现有资源的同时,有什么方法可以保护网站的新部分?
Is there any way to secure the new section of the site while at the same time utilize the already existing resources?
推荐答案
在网站根目录中的web.config文件中,如果您添加:
In your web.config file in the root of your site, if you add:
<location path="relativePathToDir">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
这对我来说是使用FormsAuthentication的,如果未通过身份验证,用户将被重定向到默认登录页面
This is working for me using FormsAuthentication, the user gets redirected to the default login page if not authenticated
这篇关于在不创建Web应用程序的情况下向子文件夹添加身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
