[英]forms authentication and deny access to all files
I have created a "restricted" page with the forms authentication and it's working well. 我创建了一个带有表单身份验证的“受限”页面,它运行良好。
<authentication mode="Forms">
<forms loginUrl="login.aspx" defaultUrl="documents.aspx" />
</authentication>
<location path="documents.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
I would like to deny access to a folder and all the files that it contains depending on this authentication. 我想根据此身份验证拒绝访问文件夹及其包含的所有文件。 Basically, documents.apsx has a document list that you can download.
基本上,documents.apsx具有可下载的文档列表。 If I try to access to www.mywebsite.com/documents I'm automatically redirect to the login.aspx.
如果尝试访问www.mywebsite.com/documents,则会自动重定向到login.aspx。 I added the following Web.config in my Documents folder:
我在“文档”文件夹中添加了以下Web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
However, if I know the path of a document, for example www.mywebsite.com/documents/test.pdf I can access to this file. 但是,如果我知道文档的路径,例如www.mywebsite.com/documents/test.pdf,则可以访问此文件。
My question is: How can I deny access to all the files in the Document folder if you are not authenticated? 我的问题是:如果未通过身份验证,如何拒绝访问“文档”文件夹中的所有文件?
Put all your doucments PDF in a folder and set restriction on that folder like this: 将所有文档PDF放在一个文件夹中,并在该文件夹上设置限制,如下所示:
<location path="FolderName">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.