堆栈内存溢出
  简体   繁体   English

ASP.Net Web应用程序安全性不适用于IIS 7?

[英]ASP.Net Web Application Security dont work on IIS 7?

 原文  2011-01-20 07:54:37       asp.net/ sql/ security/ iis-7/ web-config

问题描述

i am facing a wierd problem 我面临着一个奇怪的问题

i use visual studio 2010, SQL express 2008 on win server 2008 我在win server 2008上使用visual studio 2010,SQL Express 2008

after running the wizard of security (created single user, set permissions like deny anonymous and allow the created user) and pressing F5 --> the site works just fine. 在运行安全向导(创建单个用户,设置权限,如拒绝匿名并允许创建的用户)并按F5 - >该网站工作正常。

when i move the folder to IIS 7 and "convert to application" the login page appears but it wont accept the password i provided. 当我将文件夹移动到IIS 7并“转换为应用程序”时,会出现登录页面,但它不会接受我提供的密码。

i was told that only Stackoverflow geniuses will answer this question. 有人告诉我,只有Stackoverflow天才会回答这个问题。

i am using .Net 4, manged pipleine mode --> inegrated 我正在使用.Net 4,manged pipleine模式 - > inegrated

IIS settings: IIS设置:

Anonymous Auth. 匿名认证 --> Enabled - >启用

Forms Auth. 表格认证。 --> Enabled - >启用

ASP.Net Impersonation, Basic Auth, Digest Auth, Windows Auth--> Disabled ASP.Net模拟,基本身份验证,摘要身份验证,Windows身份验证 - >已禁用

web.config web.config中 

<configuration>
  <connectionStrings>
    <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated     Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <authorization>
      <deny users="?"/>
      <allow users="statmaster"/>
    </authorization>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
    </authentication>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"     enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
      </providers>
    </membership>

    <profile>
      <providers>    
        <clear/>    
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>
    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"     connectionStringName="ApplicationServices" applicationName="/"/>

        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
      </providers>
    </roleManager>
  </system.web>

  <system.webServer>  
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

</configuration>

the username exists in aspnet_Users table and the username "encrypted" in aspnet_Membership table 用户名存在于aspnet_Users表中,用户名“加密”在aspnet_Membership表中

1 个解决方案

解决方案1
 4 已采纳  2011-01-20 12:50:03

Read the article 阅读文章

Always set the "applicationName" property when configuring ASP.NET 2.0 Membership and other Providers 配置ASP.NET 2.0成员身份和其他提供程序时始终设置“applicationName”属性

try creating a new website and put the application component in the root in case web.config application name = "/" 尝试创建一个新网站,并将应用程序组件放在root中,万一web.config application name =“/”

i hope this will solve it 我希望这能解决它 

  <membership>
        <providers>
            <clear/>
            <add name="AspNetSqlMembershipProvider"
                type="System.Web.Security.SqlMembershipProvider, System.Web,      Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                connectionStringName="LocalSqlServer"
                enablePasswordRetrieval="false"
                enablePasswordReset="true"
                requiresQuestionAndAnswer="true"
  requiresUniqueEmail="false"
                passwordFormat="Hashed"
                maxInvalidPasswordAttempts="5"
                minRequiredPasswordLength="7"
                minRequiredNonalphanumericCharacters="1"
                passwordAttemptWindow="10"
                passwordStrengthRegularExpression="" 
                applicationName="/" 
            />
        </providers>
  </membership>

http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在IIS中托管一个ASP.NET Web应用程序 - Host an asp.net web application in IIS IIS 7或ASP.NET安全 - IIS 7 or ASP.NET security 使集成安全性和 CORS 与 Asp.Net、Angular 6 和 IIS 配合使用 - Making Integrated security and CORS work with Asp.Net, Angular 6 and IIS ASP.NET CORE 3.0 应用到默认网站/MySite 下的 IIS 无法正常工作 - ASP.NET CORE 3.0 application to IIS under Default Web Site/MySite does not work properly 针对完整dotnet框架的ASP.NET Core Web应用程序是否可以在IIS中运行? - Does ASP.NET Core web application targeting full dotnet framework work in IIS? IIS Web部署ASP.net Web应用程序vb - IIS Web Deployment ASP.net Web Application vb IIS 6编译的Web应用程序上的ASP.NET路由 - ASP.NET routing on IIS 6 Compiled web application 在 IIS 6 上使用路由部署 ASP.NET 4 Web 窗体应用程序 - Deploying ASP.NET 4 Web Forms Application Using Routing on IIS 6 如何使用 IIS 配置 Asp.Net Web 应用程序 - How to configure Asp.Net Web Application with IIS 运行 exe 的 ASP.NET Web 应用程序在 VS 中工作,而不是在 IIS 中 - ASP.NET Web application running an exe works in VS, not in IIS
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM