堆栈内存溢出
  简体   繁体   English

有权访问register.aspx但被重定向到登录页面的匿名用户

[英]Anonymous users authorized to access register.aspx but being re-directed to login page

 原文  2013-03-01 08:53:51       asp.net/ authorization

问题描述

Trying to restrict anonymous users to login.aspx, register.aspx and Site.css files and authenticated to have access to whole site. 试图限制匿名用户访问login.aspx,register.aspx和Site.css文件,并进行身份验证以可以访问整个站点。 Currently anonymous can access login.aspx and Site.css as styles appearing correctly. 当前,匿名用户可以访问login.aspx和Site.css,因为它们显示的样式正确。 However when I click on register.aspx link I get redirected to login.aspx page. 但是,当我单击register.aspx链接时,我被重定向到login.aspx页面。

Below my web.config in web root. 在我的web.config中的Web根目录下。 There are no other web.configs in directory structure. 目录结构中没有其他web.configs。 I don't know if I should be looking anywhere else (I know WSAT can sometimes hold rules but not sure if superseded by root Web.config). 我不知道我是否应该在其他地方查看(我知道WSAT有时可以保存规则,但不确定是否由根Web.config取代)。

Was just thinking login and register files reference a master page would this need explicit authorization as well? 是否只是在考虑登录和注册文件引用母版页,这是否也需要显式授权? Although wouldn't explain why login works for anonymous but register doesn't. 尽管不会解释为什么登录对于匿名用户有效,但注册无效。

Thanks for your help! 谢谢你的帮助! Anthony. 安东尼 

<?xml version="1.0"?>

<configuration>
  <connectionStrings>
    <add name="************"
         connectionString="Data Source=**********; Initial Catalog=************; Integrated Security=SSPI; Persist Security Info=False; Trusted_Connection=Yes"
         providerName="System.Data.SqlClient" />
  </connectionStrings>

  <location path="Register.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
  </location>

  <location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
  </location>

  <location path="Site.css">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
  </location>

  <system.web>
    <compilation debug="true" targetFramework="4.0" />

    <authentication mode="Forms">
      <forms loginUrl="~/Website/Login.aspx" timeout="2880" />
    </authentication>

    <authorization>
      <deny users="?"/>
    </authorization>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
             applicationName="***********" />
      </providers>
    </membership>

    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="**********" applicationName="/"/>
      </providers>
    </profile>

    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="***********" applicationName="/" />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>
  </system.web>

  <system.webServer>
     <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>

2 个解决方案

解决方案1
 0  2015-01-06 15:01:53

This code will allow only anonymous users: (pay attention to the added deny node after the allow! 此代码将只允许匿名用户使用:(请注意允许之后添加的deny节点! 

<location path="Register.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

解决方案2
 -1 已采纳  2013-03-01 09:09:08

Try changing the paths to include ~/Website, the same as your forms authentication login location. 尝试更改路径以包含〜/ Web站点,与表单身份验证登录位置相同。 You wont need the login page specifed as by default it allows access as it is the LoginUrl in your formsauthentication setup. 您将不需要登录页面,因为默认情况下它允许访问,因为它是您的表单身份验证设置中的LoginUrl。 

  <location path="~/Website/Register.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
  </location>

  <location path="~/Website/Login.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
  </location>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Register.aspx将匿名用户重定向到“登录”页面 - Register.aspx redirects Anonymous users to Login page Register.aspx出错 - Error in Register.aspx 某些用户对aspx的匿名访问 - Anonymous access to aspx for some users 需要帮助将其他注册信息存储在register.aspx中 - Need help storing additional registration info in register.aspx 匿名访问aspx页面失败 - anonymous access to aspx page fails 授权用户无法访问他们的页面 - authorized users cannot access their page 允许匿名用户仅访问ASP.NET中的“登录和注册”页面 - Allow anonymus users to access only Login and Register page in ASP.NET 在 C# 中,如何将用户重定向到访问被拒绝错误 aspx 页面? - In C#, how to redirect users to an access denied error aspx page? 在ASPX页面中访问ASPX变量 - Access ASPX variable in ASPX page ASP.NET安全:拒绝登录页面的匿名访问 - ASP.NET Security: Deny Anonymous access to login page
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM