混合ASP.NET WebForms和ASP.NET MVC [英] Mixing ASP.NET Webforms and ASP.NET MVC
问题描述
我有窗体身份验证的麻烦。根web.config是设置拒绝像结构获得所有非认证的用户:
I am having trouble with forms authentication. The root web.config is setup to deny access to all non authenticated users with a structure like:
文件夹 - Web表单
文件夹1 - Web表单
型号
公用文件夹 - 与web.config中Web表单,让
公众访问
查看
与否定的web.config
Controllers
Folder - Webforms
Folder1 - Webforms
Model
Public Folder - Webforms with web.config to allow public access
Views
web.config with deny
我需要有家居控制器公开为好,但如果我离开的授权属性关根web.config仍然会阻止访问到的意见文件夹中。我想避免做类似下面我可以避开它。
I need to have the home controller public as well, but if I leave the authorize attribute off the root web.config will still block access to the views folder. I want to avoid doing something like below I can avoid it.
Web表单
-folder
-Folder2
-web.config与拒绝未经授权的用户
查看
公共访问的web.config
Controllers
Webforms
-Folder
-Folder2
-web.config with deny unauthorized users
Views
web.config with public access
没有人有任何的想法,使第一个目录结构工作?
Does anyone have any thoughts to make the first directory structure work?
推荐答案
我无法看到什么配置部分实际上样子。您可以编辑帖子并丢弃这些路段变成code样品块(使用文本编辑器工具栏中的二进制按钮)。
I'm having trouble seeing what the config sections actually look like. Can you edit the post and drop those sections into a Code Sample block (the button with binary in the text editor toolbar).
时锁定一切的WebForms和使MVC驱动位市民的目标是什么?
Is the goal to lock down everything that's WebForms and make the MVC driven bits public?
(本来只是把这个在一个评论,但我没有代表处点留下评论。)
(Would have just put this in a comment, but I don't have the rep points to leave comments yet.)
对于提供一些有用的东西,但承认我还是不知道哪些位要锁定下来,在MVC侧最终目标的缘故,它是可行的,你用你的控制器内的安全属性?例如,而不是试图锁定操作(或整个控制器)在web.config下来,你可以添加[授权(角色=YourRoles)的具体行动或控制器的顶部。优点和缺点这种方法,但我喜欢它,因为我不与配置文件太多这是我根本不喜欢有更动。当然,这是假设你使用标准的ASP.NET成员资格提供的,但即使你滚你自己的,你应该能够有一些额外的努力来完成任务以类似的方式。只是一个想法......
For sake of offering something useful, but acknowledging I still don't know the end goal for which bits you want to lock down, on the MVC side, is it feasible for you to use the security attributes within your Controllers? For example, instead of trying to lock actions (or entire controllers) down in the web.config, you can add the [Authorize(Roles="YourRoles")] to the specific actions or to the top of the controller. Pros and cons to this approach, but I like it as I don't have to mess around with the config file much which is something I simply don't enjoy. This is of course assuming you're using the standard ASP.NET membership provider, but even if you've rolled your own, you should be able to accomplish the task in a similar manner with some additional effort. Just a thought...
这篇关于混合ASP.NET WebForms和ASP.NET MVC的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
