asp.net 4 WebForms由于授权规则而无法访问登录页面
[英]asp.net 4 WebForms cannot access login page because of authorization rule
问题描述
I have a default.aspx page which i want to deny access to anonymous users and in the same folder (root folder) i have Logon.aspx which i obviously want anonymous users to access. 
我有一个default.aspx页面,我想拒绝对匿名用户的访问,并且在同一文件夹(根文件夹)中,我有Logon.aspx ,我显然希望匿名用户访问。 I have tried the following as specified on Microsoft's support site but i get 401 when trying to access Logon.aspx: 我已经尝试按照Microsoft支持网站上的说明进行以下操作,但是尝试访问Logon.aspx时得到401:
<system.web>
<authentication mode="Forms" >
<forms loginUrl="Logon.aspx" name=".VISITAUTH"></forms>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
</system.web>
<location path="Logon.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
Does anyone have an idea of what i am missing? 有谁知道我想念的东西吗? My other option is to write some code to handle this in the Application_BeginRequest event in the global.asax but was hoping to do things the way Microsoft tells me to. 我的另一个选择是在global.asax的Application_BeginRequest事件中编写一些代码来处理此问题,但希望按照Microsoft告诉我的方式进行操作。
2 个解决方案
解决方案1
0 已采纳 2016-02-19 15:44:20
What i decided to do instead was to create a folder called admin which contained the entire application and left the logon in the root so the authorization rules only apply to the admin folder. 我决定要做的是创建一个名为admin的文件夹,其中包含整个应用程序,并将登录保留在根目录中,因此授权规则仅适用于admin文件夹。 Either Microsoft support is BS or i am missing something. Microsoft支持是BS,还是我缺少了一些东西。
Note: If anyone out there stumbles across this thread in years to come i will be happy to give you credit for giving me a worthy answer. 注意:如果在未来的几年中有人绊倒这个线程,我将很高兴为您提供一个值得我给予答复的荣誉。
解决方案2
0 2017-01-30 14:12:28
I recently started with .Net 4.x / Visual Studio 2015 (upgraded from VS2008) and ran into the same problem when I wanted to add a quick and simple authentication mechanism to a working web application. 我最近开始使用.Net 4.x / Visual Studio 2015(从VS2008升级),当我想向工作的Web应用程序添加快速简单的身份验证机制时遇到了相同的问题。 One of the things that caught my attention was the url rewrite: when entering "Login.aspx" the web address changed to "Login", without the .aspx extension, so I tried a few things and here's a solution: 引起我注意的事情之一是URL重写:当输入“ Login.aspx”时,Web地址更改为“ Login”,没有.aspx扩展名,因此我尝试了一些方法,下面是一个解决方案:
<system.web>
<authentication mode="Forms" >
<forms loginUrl="Logon.aspx" name=".VISITAUTH"></forms>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
</system.web>
<location path="Logon.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
<location path="Logon">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
The second location ("Logon") is a rewrite of the first one ("Logon.aspx") and thus needs the same authorization rules. 第二个位置(“ Logon”)是第一个位置(“ Logon.aspx”)的重写,因此需要相同的授权规则。
In hindsight, it seems logical to me that both paths need to be granted access. 事后看来,对我来说,两条路径都需要被授予访问权限似乎是合乎逻辑的。 Perhaps it's unlogical though that it needs to be done explicitly , while the loginUrl of the forms authentication only mentions the original path. 尽管需要显式地进行操作,但这是不合逻辑的,而表单身份验证的loginUrl仅提及原始路径。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.