即使 web.config 设置为允许,ASP.NET 返回 401 Unauthorized for a file?
[英]ASP.NET returns 401 Unauthorized for a file even when web.config is set up to allow it?
问题描述
I'm probably missing something easy here, but I have an ASP.NET website that uses Identity and roles, and I'm trying to restrict access to a folder containing some MP4 videos so that anonymous users cannot see direct links to those videos.
我可能在这里遗漏了一些简单的东西,但我有一个使用身份和角色的 ASP.NET 网站,并且我试图限制对包含一些 MP4 视频的文件夹的访问,以便匿名用户无法看到这些视频的直接链接。
I had this in my web.config for the folder:我在文件夹的 web.config 中有这个:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="Admin"/>
<allow roles="User"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>
The asp:LoginView control works fine with this setup, but the videos return a 401 error. asp:LoginView 控件在此设置下工作正常,但视频返回 401 错误。
I tried this as well with the same result:我也尝试过,结果相同:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
If I remove everything from the authorization tag, then it works so I know all the paths are right and something about the authorization setup is preventing it from serving that video.如果我从授权标签中删除所有内容,那么它就可以工作,所以我知道所有路径都是正确的,并且授权设置的某些内容会阻止它提供该视频。
I also tried calling out the Files directory individually like this:我还尝试像这样单独调用 Files 目录:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="Admin"/>
<allow roles="User"/>
<deny users="*" />
</authorization>
</system.web>
<location path="Files">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
Unfortunately, this makes it so that I can access the video link even when not logged in (which is what I am trying to prevent).不幸的是,这使得即使没有登录也可以访问视频链接(这是我试图阻止的)。
If I try to do a role based setup for the Files subfolder like this (which I don't think should be any different from the first version) then I'm back to getting a 401 on the video, even when logged in:如果我尝试像这样为 Files 子文件夹进行基于角色的设置(我认为这与第一个版本没有任何不同),那么即使登录,我也会在视频上获得 401:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="Admin"/>
<allow roles="User"/>
<deny users="*" />
</authorization>
</system.web>
<location path="Files">
<system.web>
<authorization>
<allow roles="Admin"/>
<allow roles="User"/>
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
What am I missing here?我在这里想念什么?
1 个解决方案
解决方案1
1 已采纳 2020-08-11 00:17:49
I modified my answer.我修改了我的答案。 I think the following is what you are looking for:我认为以下是您正在寻找的内容:
How to prevent anonymous users from accessing a file using forms authentication? forms认证如何防止匿名用户访问文件?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.