为什么为&lt;拒绝用户=&QUOT;&QUOT; /&GT;包括在下面的例子中? [英] Why is <deny users="?" /> included in the following example?
问题描述
的?
通配符重新presents未经身份验证的用户,而 *
重新presents所有用户,认证未经验证的和。我的书显示URL授权的下面的例子:
The ?
wildcard represents unauthenticated users while *
represents all users, authenticated and unauthenticated. My book shows the following example of URL authorization:
<authorization>
<deny users="?" />
<allow users="dan,matthew" />
<deny users="*" />
</authorization>
结果
但没有上述code具有同样的效果:
But doesn’t the above code have the same effect as :
<authorization>
<allow users="dan,matthew" />
<deny users="*" />
</authorization>
还是没笔者还包括&LT;?拒绝用户= /&GT;的一个原因
规则
推荐答案
从配置文件为precedence的问题ASP.NET授予访问权限。在一个潜在的冲突的情况下,第一次出现的许可取precedence。因此,
ASP.NET grants access from the configuration file as a matter of precedence. In case of a potential conflict, the first occurring grant takes precedence. So,
deny user="?"
拒绝访问匿名用户。然后
denies access to the anonymous user. Then
allow users="dan,matthew"
允许访问该用户。最后,它拒绝访问给大家。这动摇了,每个人都只是丹,马修将被拒绝访问。
grants access to that user. Finally, it denies access to everyone. This shakes out as everyone except dan,matthew is denied access.
编辑补充:和@Deviant指出,拒绝对未经验证的访问是没有意义的,因为最后一项包括未经验证的为好。一个好的博客文章讨论这个话题可以发现:<一href=\"http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx\">Guru萨卡的博客
Edited to add: and as @Deviant points out, denying access to unauthenticated is pointless, since the last entry includes unauthenticated as well. A good blog entry discussing this topic can be found at: Guru Sarkar's Blog
这篇关于为什么为&lt;拒绝用户=&QUOT;&QUOT; /&GT;包括在下面的例子中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!