允许IIS 7.5通过ASP.NET管道提供静态文件
[英]Allow IIS 7.5 from serving static files through ASP.NET pipeline
问题描述
I have few folders which are to be excluded from blocking like Content, Javascript and Scripts in web.config. 
我只有几个文件夹,它们被排除在web.config中的内容,Javascript和脚本之外。 Please help me achieve this. 请帮助我实现这一目标。
Here is the config: 这是配置:
<location path="TechDocs">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="Scripts">
<system.web>
<authentication mode="None" />
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Content">
<system.web>
<authentication mode="None" />
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Javascript">
<system.web>
<authentication mode="None" />
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
2 个解决方案
解决方案1
0 2015-04-05 11:10:54
This is what we use 这就是我们使用的
<location path="Scripts">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Css">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
You have to ensure that you do not have a httpmodule that intercepts the requests and sends out 401 Unauthorized for any of the above resources 您必须确保您没有http模块来拦截请求并针对上述任何资源发出401 Unauthorized
The following is my routing configuration so that MVC does not accidentally route the requests to MVC, which you can apply either 以下是我的路由配置,以便MVC不会将请求意外路由到MVC,您可以应用
routes.IgnoreRoute("{*allaspx}", new { allaspx = @".*\.aspx(/.*)?" });
routes.IgnoreRoute("{*staticfile}", new { staticfile = @".*\.(ico|css|js|gif|jpg|woff|eot|svg|eot|ttf|otf)(/.*)?" });
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.IgnoreRoute("{resource}.wdgt/{*pathInfo}");
routes.IgnoreRoute("ChartImg.axd/{*pathInfo}");
routes.Ignore("{*pathInfo}", new { pathInfo = @"^.*(ChartImg.axd)$" });
routes.IgnoreRoute("{resource}.svc");
解决方案2
0 2015-04-07 02:35:02
I don't think you can do that. 我认为您无法做到。
The general rule of thumb with anything from Microsoft is that Deny always beats Allow, so if you're denying access at the root level, then you're not going to be able to grant access at a lower level unless you can remove the permissions inherited from the root level. 根据Microsoft的经验,一般的经验法则是,“拒绝”总是击败“允许”,因此,如果您拒绝在根级别进行访问,则除非能够删除权限,否则您将无法在较低级别授予访问权限从根级别继承。 I don't think there's a way to remove those inherited permissions. 我认为没有办法删除那些继承的权限。 I tried putting under but that isn't valid. 我试着放下,但这是无效的。
So you have to set the deny all users on each folder that needs to have access denied, you can't have it default to deny. 因此,您必须在每个需要拒绝访问的文件夹上设置“拒绝所有用户”,您不能将其默认设置为“拒绝”。 Also, maybe you shouldn't have tons of content in an IIS site if that content is denied to all users? 另外,如果所有用户都拒绝了IIS站点中的内容,也许您不应该拥有大量内容?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.