Does web.config authorization work on files other than aspx?


Problem description

I have an ASP.NET application with forms authentication. It works well, but I have one directory with only .txt files (no aspx files) that I want users not to access (or only logged in users).

I added web.config to this directory:

<system.web>
    <authorization>
        <deny users="?" />
    </authorization>
</system.web>

Edit:

This works only for .aspx files. It does not work for .txt files and similar. Users cannot browse this directory or its subdirectories; however, knowing a .txt file name, they can access it.

I tried IIS6 and IIS 7.5. On IIS6 .txt files are also restricted, but on IIS 7.5 they are not, so it may be an IIS configuration issue.

Recommended answer

Your question depends on the web server you are using. ASP.NET authorization works only with file types that are handled by ASP.NET. If you have IIS 5 or 6, this is normally not true for .txt files or even for .jpg, .gif and pure .html files, but only for aspx, asmx etc.

No problem if you have IIS7 and integrated mode, because ASP.NET is integrated and will be called for every type of file. So if you have IIS5 or 6, you have to register the mime types so that the aspnet.isapi is called for .txt files as well.

UPDATE:
The configuration

<deny users="*" />

locks out all users. It would work only in combination with allow, e.g.

<allow roles="administrators" />
<deny users="*" />

Like this, all users but administrators will be locked out. If a user is authenticated but not an administrator, he will be redirected to the login page.

The other option is to lock out anonymous users only:

<deny users="?" />
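The following root web.config is an added example, not part of the original question or answer. In the IIS 7 integrated pipeline, the managed authentication and authorization modules are registered by default with preCondition="managedHandler", so they run only for requests mapped to managed handlers and static files such as .txt are served without the ASP.NET authorization check. Re-adding the modules without that precondition makes the <authorization> rules apply to every request. The directory name "protected" and the login page "~/Login.aspx" are assumptions made for illustration.

```xml
<configuration>
  <system.web>
    <!-- Forms authentication for the whole application.
         loginUrl is an assumed value. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>
  </system.web>

  <!-- "protected" is a hypothetical directory holding the .txt files.
       Equivalent to placing a web.config with the same <authorization>
       block inside that directory. -->
  <location path="protected">
    <system.web>
      <authorization>
        <!-- "?" = anonymous users: only logged-in users may read the files -->
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- Applies to IIS 7.x in integrated pipeline mode only. -->
  <system.webServer>
    <modules>
      <!-- Default registrations carry preCondition="managedHandler".
           Remove and re-add them without it so they also run for
           static content (.txt, .jpg, .html, ...). -->
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication"
           type="System.Web.Security.FormsAuthenticationModule" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization"
           type="System.Web.Security.UrlAuthorizationModule" />
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication"
           type="System.Web.Security.DefaultAuthenticationModule" />
    </modules>
  </system.webServer>
</configuration>
```

To verify, request a known .txt file in the directory from a session without an authentication cookie and confirm the response is a redirect to the login page rather than the file contents.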
