ASP.NET 根据角色拒绝访问某些页面

Question

I have the following in web.config, but still users without role MAnager or Admin can still access the pAccessData.aspx page.我在 web.config 中有以下内容，但没有角色 MANager 或 Admin 的用户仍然可以访问 pAccessData.aspx 页面。 The page is stored in directory Users该页面存储在目录Users中

<location path="Users"  >
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="~/Users/ChangePassword.aspx"  >
    <system.web>
      <authorization>
        <allow users="*"  />
      </authorization>
    </system.web>
  </location>

  <location path="~/Users/pAccessData.aspx"  >
    <system.web>
      <authorization>
        <allow roles="Manager,Admin"/>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

Answer 1

You did not add <deny users="?"/> , it should be like...您没有添加<deny users="?"/> ，应该是...

<location path="Users/pAccessData.aspx"  >
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow roles="Manager,Admin"/>            
      </authorization>
    </system.web>
  </location>

Edit: you have specified <allow users="*" /> which means, it will allow access to all users, as you have not mentioned the roles for which a user can access the folder.编辑：您已指定<allow users="*" />这意味着，它将允许所有用户访问，因为您没有提到用户可以访问文件夹的角色。

<location path="Users"  >
<system.web>
  <authorization>
    <allow users="*" />
  </authorization>
</system.web>

ASP.NET 根据角色拒绝访问某些页面

问题描述

1 个解决方案

解决方案1
3 2011-05-25 05:56:21

ASP.NET 根据角色拒绝访问某些页面

问题描述

1 个解决方案

解决方案1 3 2011-05-25 05:56:21

解决方案1
3 2011-05-25 05:56:21