为匿名用户 IIS 7.5 授权目录? [英] Authorize a directory for anonymous users IIS 7.5?

问题描述

我正在尝试在 IIS 7.5 中添加一个用于匿名访问的目录.它适用于 Web Dev 但不适用于 IIS 7.5

I'm trying to add a directory for anon access in IIS 7.5. It works under Web Dev but not IIS 7.5

我目前在目录中使用这个 web.config.这是一个带有样式表的目录:

I'm currently using this web.config in the directory. This is a directory with style sheets:

<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    WindowsMicrosoft.NetFrameworkv2.xConfig 
-->

    <configuration>
        <appSettings/>
        <connectionStrings/>
        <system.web>
            <authorization>

                <allow users="*" />

            </authorization>

        </system.web>
    </configuration>

更新:

我已进入文件夹并在身份验证下，我已将匿名身份验证从 IIS_USR 更改为池.这似乎是正确的.

I've went to the folder and under Authentication, I've changed anonymous authentication from IIS_USR to pool. This seems to have correct it.

我将奖励任何提供非常好的解释和资源以理解此设置的人.此外，如何在全球范围内应用它会很高兴——适用于所有文件夹.

I will reward anyone who provides a very good explanation and resources for understanding this setting. Also, how to apply it globally would be good to know -- for all folders.

推荐答案

既然你回答了自己的问题，这里的解释可能会有所帮助

Since you answered your own question, here is the explanation that might help

授权涉及 IIS 将向谁提供资源.但是，这些资源具有自己的安全性，因为它们只是文件系统上的文件.

Authorization deals with who IIS will offer resources to. Those resources, however, have their own security as they are just files on a file system.

配置中的 Authentication 元素有助于确定 IIS 在接受用户请求后如何识别用户请求，以及在访问 IIS 之外/外部的资源时如何识别.

The Authentication element in the config assists in determining how IIS will identify a user's requests after its accepted and as it accesses resources beyond/external to IIS.

这是在站点级别设置的，通常在您服务器的 applicationHost.config 文件中.如果设置正确，它可以在站点级别被覆盖.

This is set at the site level, typically in the applicationHost.config file for your server. It can, if properly setup, be overridden at the site level.

有关此的 IIS.net 页面:

IIS.net pages about this:

http://www.iis.net/ConfigReference/system.webServer/security/authorization/添加

http://www.iis.net/ConfigReference/system.webServer/security/authentication/anonymousAuthentication

您在 UI 中所做的 .config 版本是:

The .config version of what you did in the UI is:

<location path="/yourSite">
   <system.webServer>
      <security>
         <authentication>
            <anonymousAuthentication enabled="true" username="" />
          </authentication>
      </security>
   </system.webServer>
</location>

马上.auth 方法，用户名字段是访问资源时 IIS 将模拟的人.不指定时，默认使用apppool的标识.

On the anon. auth method, the username field is who IIS will impersonate when resources are accessed. When you don't specify one, it defaults to use the identity of the apppool.

现在，至于为什么这很重要...检查磁盘上的实际文件(.css).如果这解决了问题，则意味着 IUSR 无权读取该文件.

Now, as to why this mattered ... check the actual file on disk (the .css). If this fixed the problem that would mean IUSR doesn't have access to read that file.

这篇关于为匿名用户 IIS 7.5 授权目录?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！