表单身份验证应用程序中的 ASP.NET Web 服务 [英] ASP.NET Web Service inside Forms Authentication Application
问题描述
我有一个现有的 ASP.NET 应用程序,它在站点范围内实现了表单身份验证.应用程序部署在多个实例(例如,customer1、customer2、test、dev 等)中,每个实例都有一个单独的数据库.SSL 正在发挥作用.实例配置是通过 XML 配置文件进行的.
I have an existing ASP.NET application that implements Forms Authentication site-wide. The application is deployed in multiple instances (e.g., customer1, customer2, test, dev, etc...), with a separate database per instance. SSL is in play. Instance configuration is via an XML config file.
我有一个允许上传/下载某些数据的新要求,我希望将其实现为公共网络服务.
I have a new requirement to allow upload/download of certain data, which I would like to implement as a public web service.
我最初的想法是有选择地禁用应用程序子目录(例如 ~/Services)的表单身份验证,然后通过 SOAP 标头或类似内容进行身份验证.
My initial thought here was to selectively disable forms authentication for a subdirectory of the application (e.g., ~/Services), and then do authentication via a SOAP header or similar.
但是,我没有找到有选择地禁用表单身份验证的方法.
However, I'm not finding a way to selectively disable forms auth.
问题:有没有办法做到这一点?我已经尝试过 <location>网络配置中的标记无济于事.
Question: Is there a way to do this? I've tried the <location> tag in web config to no avail.
如果没有,您对如何设置有什么建议?我可以想到以下选项:
If not, what are your recommendations for how to set this up? I can think of the following options:
1) 在我的解决方案中创建一个新的服务"项目,然后在每个实例的该目录上配置一个单独的 IIS ASP.NET 应用程序.(优点:轻松访问实例配置,将来可能需要.缺点:每个相关实例的配置负担).
1) Create a new "Services" project in my solution, and then configure a separate IIS ASP.NET application on that directory in each instance. (Pro: easy access to instance configuration, which may be needed in the future. Con: configuration burden for each relevant instance).
2) 创建一个单独的服务"解决方案,从应用程序解决方案中引用所需的程序集,并将其作为单独的 ASP.NET 应用程序托管.然后,根据 SOAP Header 中提供的 UserName 查找数据库连接字符串.(优点:在 IIS 中配置单个应用程序.缺点:无法轻松访问实例配置.)
2) Create a separate "Services" solution that references needed assemblies from the application solution and host it as a separate ASP.NET application. Then, lookup the db connection string based on the UserName provided in SOAP Header. (Pro: single app to configure in IIS. Con: No easy access to instance config.)
3) ??
澄清:我确实在这里看到了答案:覆盖单个页面的 ASP.NET 表单身份验证,但使用位置标记无济于事(仍重定向对 Web 服务的请求).我的 web.config 中的相关部分如下所示:
Clarification: I did see the answer here: Override ASP.NET forms authentication for a single page, but the use of a location tag is not helping (requests for the web service are still redirected). The relevant sections in my web.config look like this:
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
<location path="~/Services/MyService.asmx">
<system.web>
<authentication mode="None" />
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
推荐答案
我认为位置标签会起作用,您可以在其中指定服务文件夹并允许所有用户,例如:
I would think the location tag would work, where you specify the services folder and allow all users, something like:
<location path="services">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
但是您说那不起作用,您是否尝试过将 web.config 文件放在 services 文件夹中并禁用表单身份验证并允许该文件中的所有用户?
But you said that didn't work, have you tried putting a web.config file in the services folder and disabling forms authentication and allowing all users in that file?
这篇关于表单身份验证应用程序中的 ASP.NET Web 服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!