ASP.NET auth,排除root并允许匿名
[英]ASP.NET auth, exclude root & allow anonymous
问题描述
We have a weird issue found during setting up a new Windows 2003 Server with IIS6.0 & ASP.NET 2.0, our site is built using ASP.NET forms authentication with general authorization to deny access to all users & allow explicitly to static, home pages etc, -- web.config setting for forms auth looking as below: 
在使用IIS6.0和ASP.NET 2.0设置新的Windows 2003 Server时发现了一个奇怪的问题,我们的站点是使用ASP.NET表单身份验证构建的,具有一般授权,拒绝所有用户访问并允许显式静态,home页面等, - 表单身份验证的web.config设置,如下所示:
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="~/Pages/Users/Login.aspx" protection="All" timeout="60" defaultUrl="~/Pages/Inner.aspx">
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
Issue is this: 问题是这样的:
If we access the site as localhost/default.aspx works fine & can view the home page of our website, but if we access using localhost/ - expect to view the default.aspx (as it's set as default document), but for some reason ASP.NET Forms Authentication thinks "/" is a protected page or content & redirects me to login page. 如果我们访问该网站localhost / default.aspx工作正常,可以查看我们网站的主页,但如果我们使用localhost /访问 - 期望查看default.aspx(因为它设置为默认文档),但对于一些原因ASP.NET表单身份验证认为“/”是受保护的页面或内容并将我重定向到登录页面。
I couldn't find anyway to inform "/" as allow = *, in web.config... thought it might be linked with some NTFS & IIS permission issue with folders, could not get much update about.. 无论如何我无法在web.config中通知“/”为allow = *,认为它可能与文件夹的某些NTFS和IIS权限问题相关联,无法获得更多关于..
Any help to resolve this, would be appreciated. 任何帮助解决这个问题,将不胜感激。
Thanks 谢谢
Bhaskara 巴斯卡拉
1 个解决方案
解决方案1
1 2010-10-04 11:01:49
Over the weekend, above stated problem re-surfaced on our servers... while doing some other configuration changes & eventually found the root cause of issue (and not the simple "re-create" website suggested earlier). 在周末,上述问题重新出现在我们的服务器上......同时进行一些其他配置更改并最终找到问题的根本原因(而不是之前建议的简单“重新创建”网站)。
Here is the issue & solution: 这是问题和解决方案:
We have our main website as simple ASP.NET based & NOT MVC app.
我们的主网站是基于ASP.NET和NOT MVC的简单应用程序。 Website contains 1 virtual directory, build on MVC framework & as per the guidelines to enable MVC (http://haacked.com/archive/2008/11/26/asp.net-mvc-on-iis-6-walkthrough.aspx) - we were supposed to setup the .mvc pattern & subsequent wildcard mapping for extension less URLs
网站包含1个虚拟目录,构建于MVC框架之上,并根据启用MVC的指南(http://haacked.com/archive/2008/11/26/asp.net-mvc-on-iis-6-walkthrough.aspx ) - 我们应该为扩展名较少的URL设置.mvc模式和后续的通配符映射 Mistake we did was, instead of setting up MVC properties at the virtual directory, it was setup at root level... main website was set for forms-auth & wildcard mapping ended up triggering asp.net forms auth
我们做的错误是,不是在虚拟目录中设置MVC属性,而是在根级别设置...主要网站设置为form-auth和通配符映射最终触发asp.net表单身份验证 Issue was resolved, when removed wildcard mapping at root & only setup on the virtual directory (that was not set with asp.net auth & allowed anonymous access to all pages)
问题已解决,当在root上删除通配符映射并且仅在虚拟目录上设置时(未使用asp.net auth设置并允许匿名访问所有页面)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.