[英]Anonymous users authorized to access register.aspx but being re-directed to login page
Trying to restrict anonymous users to login.aspx, register.aspx and Site.css files and authenticated to have access to whole site. 试图限制匿名用户访问login.aspx,register.aspx和Site.css文件,并进行身份验证以可以访问整个站点。 Currently anonymous can access login.aspx and Site.css as styles appearing correctly.
当前,匿名用户可以访问login.aspx和Site.css,因为它们显示的样式正确。 However when I click on register.aspx link I get redirected to login.aspx page.
但是,当我单击register.aspx链接时,我被重定向到login.aspx页面。
Below my web.config in web root. 在我的web.config中的Web根目录下。 There are no other web.configs in directory structure.
目录结构中没有其他web.configs。 I don't know if I should be looking anywhere else (I know WSAT can sometimes hold rules but not sure if superseded by root Web.config).
我不知道我是否应该在其他地方查看(我知道WSAT有时可以保存规则,但不确定是否由根Web.config取代)。
Was just thinking login and register files reference a master page would this need explicit authorization as well? 是否只是在考虑登录和注册文件引用母版页,这是否也需要显式授权? Although wouldn't explain why login works for anonymous but register doesn't.
尽管不会解释为什么登录对于匿名用户有效,但注册无效。
Thanks for your help! 谢谢你的帮助! Anthony.
安东尼
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="************"
connectionString="Data Source=**********; Initial Catalog=************; Integrated Security=SSPI; Persist Security Info=False; Trusted_Connection=Yes"
providerName="System.Data.SqlClient" />
</connectionStrings>
<location path="Register.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="Site.css">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="~/Website/Login.aspx" timeout="2880" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="***********" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="**********" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="***********" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
This code will allow only anonymous users: (pay attention to the added deny node after the allow! 此代码将只允许匿名用户使用:(请注意允许之后添加的deny节点!
<location path="Register.aspx">
<system.web>
<authorization>
<allow users="?"/>
<deny users="*" />
</authorization>
</system.web>
</location>
Try changing the paths to include ~/Website, the same as your forms authentication login location. 尝试更改路径以包含〜/ Web站点,与表单身份验证登录位置相同。 You wont need the login page specifed as by default it allows access as it is the LoginUrl in your formsauthentication setup.
您将不需要登录页面,因为默认情况下它允许访问,因为它是您的表单身份验证设置中的LoginUrl。
<location path="~/Website/Register.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="~/Website/Login.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.