ASP.NET授权继承规则 [英] ASP.NET Authorization inherits rules

问题描述

我试图保护（子）目录在我的ASP.NET网站，其中包含的文件（视频，文档等），所以我创建了一个Web.config文件：

I am trying to protect a (sub)directory in my ASP.NET website that contains files (Videos, documents etc.) So I created a Web.config file:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <deny users="?"/>
      <allow roles="Administrator"/>
      <allow roles="Author"/>
      <allow roles="Report"/>
    </authorization>
  </system.web>
</configuration>

这些角色对应与那些在我的数据库中的asp.net角色表中定义。

These roles correspond with those defined in the asp.net roles table in my database.

我打开了IIS7检查授权规则在那里，他们是。但也有被设置为允许所有用户2继承的规则。这些规则似乎忽略我的规则去设定Web.config文件。我不能删除这些继承的规则。

I opened up IIS7 to check if the authorization rules were there and they were. But there were also 2 inherited rules that are set to "Allow all users". These rules seem to override my rules set in de Web.config. I can't delete these inherited rules.

有没有什么方法来禁用这些继承的授权规则，只为我的子文件夹？

Is there any way to disable these inherited authorization rules, only for my subfolder?

在此先感谢！

推荐答案

在你的根目录下的web.config尝试以下

In web.config of your root directory try following

<location path="MySite/SubDirectory" allowOverride="false">
    <system.web>
        <authorization>
            <allow users="?" />
        </authorization>
    </system.web>
</location>

这篇关于ASP.NET授权继承规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！