[英]ASP.NET Deny Access to certain pages based on roles
I have the following in web.config, but still users without role MAnager or Admin can still access the pAccessData.aspx page.我在 web.config 中有以下内容,但没有角色 MANager 或 Admin 的用户仍然可以访问 pAccessData.aspx 页面。 The page is stored in directory Users该页面存储在目录Users中
<location path="Users" >
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="~/Users/ChangePassword.aspx" >
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="~/Users/pAccessData.aspx" >
<system.web>
<authorization>
<allow roles="Manager,Admin"/>
<deny users="*" />
</authorization>
</system.web>
</location>
You did not add <deny users="?"/>
, it should be like...您没有添加<deny users="?"/>
,应该是...
<location path="Users/pAccessData.aspx" >
<system.web>
<authorization>
<deny users="?"/>
<allow roles="Manager,Admin"/>
</authorization>
</system.web>
</location>
Edit: you have specified <allow users="*" />
which means, it will allow access to all users, as you have not mentioned the roles for which a user can access the folder.编辑:您已指定<allow users="*" />
这意味着,它将允许所有用户访问,因为您没有提到用户可以访问文件夹的角色。
<location path="Users" >
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.