ASP.NET验证在IIS7集成模式下的角色静态内容 [英] ASP.NET Authentication with Roles in IIS7 Integrated Mode for Static Content
问题描述
我跟在IIS7静态内容集成的身份验证模式试验。我跟着这篇文章中的说明: http://aspnet.4guysfromrolla.com/articles/122408 -1.aspx
如果我允许/拒绝通过登录状态的访问(如文章),这是工作的罚款。不过,我想允许/拒绝基于角色的访问(使用内置的角色提供的ASP.NET)。当我把一个允许规则在web.config中的作用管理员和拒绝规则对于所有其他用户,我不能连访问静态文件时,我登录作为管理员。同一文件夹中包含非静态内容(aspx页面)是基于角色提供信息访问就好了。
I am experimenting with the integrated authentication mode for static content in IIS7. I followed the instructions in this article: http://aspnet.4guysfromrolla.com/articles/122408-1.aspx It is working fine if I allow/deny access by login status (like in the article). However I want to allow/deny access based on roles (using the ASP.NET built in Roles Provider). When I put an allow rule for the role "Admin" in the web.config and deny rule for all other users I am not able to access the static files even when I login as an admin. The same folder contains non-static content (aspx pages) that are accessed just fine based on the Role Provider information.
任何想法?
推荐答案
尝试添加以下到你的< system.webServer> <模块> 块:
Try adding the following to your <system.webServer> <modules> block:
<configuration>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
<remove name="RoleManager" />
<add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
</modules>
</system.webServer>
</configuration>
的 RoleManager 位是关键,它不包含在任何的在线例子,我能找到。如果没有,用户的角色成员没有初始化静态内容,因此基于角色的授权总是会失败。
The RoleManager bit is key, and it's not included in any of the online examples that I could find. Without that, the user's role membership isn't initialized for static content, so role-based authorization will always fail.
(声明:我根据我有限的IIS的理解拼凑了一起自己,但似乎工作)
(Disclaimer: I've pieced this together myself based on my limited understanding of IIS, but it seems to work.)
修改(响应您的评论):对不起,我不知道很多关于如何RoleManager依赖于其他模块。您可以通过查看查看默认的IIS配置C:\\ WINDOWS \\ SYSTEM32 \\ INETSRV \\设置\\的applicationHost.config (至少,这是我的Windows Vista计算机上过去)看到哪些模块加载顺序(请注意使用的默认情况下,限制RoleManager非静态内容managedHandler ),和MSDN盖的 RoleManagerModule 随着模块中的 System.Web.Security 命名空间,所以你也许可以找到你所需要那里。
Edit (in response to your comment): Sorry, I don't know much about how RoleManager depends on other modules. You can view the default IIS configuration by looking at c:\Windows\System32\inetsrv\config\applicationHost.config (at least, that's the past on my Windows Vista machine) to see the order in which modules are loaded (note the use of managedHandler by default to restrict RoleManager to non-static content), and MSDN covers RoleManagerModule along with the rest of the modules in the System.Web.Security namespace, so you could probably find what you need there.
这篇关于ASP.NET验证在IIS7集成模式下的角色静态内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
