AJAX工具包和网络配置的安全性 [英] AJAX toolkit and web config security
问题描述
大家好,
我使用ASP.NET和AJAX工具包,如果有任何安全方面的问题,我应该关心的是疑惑。我以前从未使用过的AJAX工具包,以及通常的标准控件,还有一些我用它来验证输入回传。我想这是与AJAX控件相同,但有可能会错过任何额外的渔获?
Hey everyone, I'm using ASP.NET and the AJAX toolkit and was wondering if there are any security aspects I should be concerned about. I've never used the AJAX toolkit before, and usually from standard controls, there are postbacks which I use to validate input. I assume this is the same with the AJAX controls, but are there any extra catches that might be missed?
另外,我在我的web.config文件中设置一些安全方面的问题。据我了解,在任何父文件夹设置,级联到子文件夹。然而,我的子文件夹只能由得到授权的访问,所以我创建了每个子文件夹中的新的Web配置文件。这些配置文件只包含授权设置。将会从父配置文件(除了授权的)中的所有其他设置仍然向下级联?还是我复制并粘贴整个父文件到子文件并更改授权code在那?
Also, I've set some security aspects in my web.config files. As I understand it, anything set in parent folders, cascades down to subfolders. However, my subfolders should only be accessed by those authorized to, so I've created a new web config file per sub folder. These config files only contain the authorization settings. Will all the other settings from the parent config file (besides the authorization ones) still cascade down? Or do I have to copy and paste the whole parent file into the sub folder and change the authorization code in that?
感谢您的帮助。
推荐答案
控制工具包以任何方式应该不会影响您的授权设置。
The control toolkit shouldn't impact your authorization settings in any way.
控制工具包并没有真正有任何web.config设置,需要至少没有。很多人把下页/控制一个条目来注册标签preFIX做,但你可以使用在个人页面,而不是如果你preFER注册指令。
The control toolkit doesn't really have any web.config settings, at least none that are required. A lot of people do put in an entry under pages/controls to register the tag prefix, but you can use register directives at the individual pages instead if you prefer.
顺便说一句,你应该考虑使用位置元素在web.config中,而不是每个文件夹的web.config。这通常是一个小更易于维护,并允许你做同样的事情。关于MSDN 位置更多信息。
BTW, you should consider using the location element in web.config rather than having a per-folder web.config. This is usually a little easier to maintain and allows you to do the same thing. More info about location on MSDN.
这篇关于AJAX工具包和网络配置的安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
