子文件夹中忽略了ASP.NET的web.config授权设置 [英] ASP.NET web.config authorization settings ignored in subfolders
问题描述
我使用asp.net MVC 2和VS 2008
我试图让网站与形式的授权。当我试图限制访问某些网页,我使用asp.net管理工具。在那里,我创建规则,例如,拒绝访问anonimous用户整个网站。管理工具,如预期,增加了以下根web.config文件部分:
<授权>
<拒绝用户=? />
< /授权>
当我在一些子文件夹中做同样的事情,如例%ApplicationRoot%/查看/保护,管理工具,如预期也增加了web.config文件中提到的子文件夹,具有以下code:
<结构>
<&的System.Web GT;
<授权>
<拒绝用户=用户名/>
< /授权>
< /system.web>
theese文件之间
总理的区别是根web.config授权部分有一定的影响(一般来说,它可以作为计划 - 拒绝所有未经授权的用户整个网站)。但是,子文件夹的web.config授权部分没有任何效果可言。
我发现,然后添加到根配置文件,下面code
<位置路径=受保护>
<授权>
<拒绝用户=用户名/>
< /授权>
< /地点>
做的工作很大 - 它,按照计划,否认%USERNAME%存取权限的所有视图,位于%ApplicationRoot%/查看/受保护文件夹
。
这是behavoir与simmilar卡西尼和IIS,我都试过了。
主要的问题是,我需要一种管理工具做的工作,所以我要求有问题的任何帮助 - 为什么在web.config中位于子文件夹中没有授权部分的作品
<? / p>
P.S。我试图把不正确code之间&LT;授权&GT; 和&LT; /授权&GT; 在子文件夹中的网站.config文件:
&LT;授权&GT;
asdfg
&LT; /授权&GT;
没有效果。也许整个一节是由于某些问题被忽略?
P.P.S。不正确code出在同一个文件中的授权部分的导致错误
您的问题是,您的应用程序是不是一个经典的ASP.NET Web窗体应用程序。
你正在试图做的会在Web表单完美地工作,但不是在MVC。
在MVC世界,当浏览器请求页/人/ SmartList的它不一定,它会从你的项目中显示的/People/SmartList.cshtml。事实上,你的项目甚至不能有/人/文件夹的。将由MVC发动机中显示的视图(.cshtml文件)由路由确定。这MVC路由引擎不看一切尽在您web.config文件中,当访问这些.cshtml文件。现在,你可以看到,为什么你web.conig文件将被忽略。
但你还是能够做到的授权。而不是使用的web.config文件,你应该使用 [授权] 属性并将其应用到合适的控制器的操作方法,甚至到了一个控制器类。
[授权(用户=用户名)]
公众的ActionResult ShowRestrictedData()
...
I'm using asp.net mvc 2 and vs 2008.
I'm trying to make website with forms authorization. When i'm trying to restrict access to some pages, i'm using asp.net administration tool. There i create rule, for example, to deny access to anonimous users to whole web site. Administration tool, as expected, adds following section in the root web.config file:
<authorization>
<deny users="?" />
</authorization>
When i do same thing in some subfolder, as example %ApplicationRoot%/View/Protected, administration tool, as expected too, adds web.config file in mentioned subfolder, with following code:
<configuration>
<system.web>
<authorization>
<deny users="UserName" />
</authorization>
</system.web>
Prime difference between theese files is that root web.config authorisation section has some effect(generally speaking, it works as planned - denies all unauthenticated users from whole website). But subfolder web.config authorisation section have no effect at all. I found that then added to root config file, following code
<location path="Protected">
<authorization>
<deny users="UserName" />
</authorization>
</location>
does the work greatly - it, as planned, denies %UserName% acces to all views, located in %ApplicationRoot%/View/Protected Folder.
This behavoir is simmilar with cassini and iis, i tried both.
The main problem is that i need kind administration tool to do the work, so i'm asking for any help with issue - why doesn't authorisation section works when web.config is located in subfolder?
P.S. I tried to place incorrect code in between <authorization> and </authorization> in subfolder's web.config:
<authorization>
asdfg
</authorization>
No effect. Probably the whole section is ignored due to some issue?
P.P.S. Incorrect code out of the authorization section in the same file causes an error
Your problem is that your application is not a classical ASP.NET Web Forms application. What you're trying to do would work perfectly in Web Forms, but not in MVC.
In MVC world when browser requests page /People/SmartList it's not necessarily that it would be shown the /People/SmartList.cshtml from your project. In fact, your project could not even have the /People/ folder at all. The view (.cshtml file) which will be shown by MVC engine is determined by routes. And that MVC routing engine doesn't look at all at your web.config files, when it accesses those .cshtml files. Now, you can see, why your web.conig files are ignored.
But you're still able to do the authorization. Instead of using web.config files you should use the [Authorize] attribute and apply it to appropriate controller's action methods, or even to a whole controller class.
[Authorize(Users="UserName")]
public ActionResult ShowRestrictedData()
...
这篇关于子文件夹中忽略了ASP.NET的web.config授权设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
