ASP.NET Web应用程序内的HTML内容授权
[英]HTML content authorization inside asp.net web application
问题描述
I have a colleague that made a web site in plain html with little bit of css and javascript. 
我有一个同事用纯HTML制作了一个网站,并带有少量CSS和JavaScript。 I have a special task to prevent this page with simple login form. 我有一项特殊的任务来防止使用简单的登录表单来显示此页面。 My colleague will continuouslly work on his html, but he is not allowed to write any asp.net or to publish content on remote servers. 我的同事将继续使用他的html进行工作,但不允许他编写任何asp.net或在远程服务器上发布内容。
I am an asp.net developer and my first idea was to include all his content inside web aplication project's folder named 'Content'. 我是一个asp.net开发人员,我的第一个想法是将他的所有内容包含在Web应用程序项目的名为“内容”的文件夹中。 Then I've made simple login form (login.aspx), and inside web.config I've put authentication (with login.aspx as loginUrl) and authorization tags. 然后,我制作了简单的登录表单(login.aspx),并在web.config中放入了身份验证(将login.aspx作为loginUrl)和授权标签。 After that I've published whole project to remote server and I am going to share 'Content' folder with this user. 之后,我将整个项目发布到远程服务器,并与该用户共享“ Content”文件夹。 He'll have access to all html pages and will be able to continuouslly work on it just copying his updated or newly created html files to that folder. 他将有权访问所有html页面,并且只需将他更新的或新创建的html文件复制到该文件夹即可继续进行处理。
The whole thing about authorization and authentication works just fine when I run it locally on visual studio web development server. 当我在Visual Studio Web开发服务器上本地运行授权和身份验证时,整个工作就很好了。 When I am trying to access some html content, stored in 'Content' folder I am getting redirected to login.apsx and everything works as expected. 当我尝试访问存储在“内容”文件夹中的某些html内容时,我将重定向到login.apsx,并且一切正常。
I have a problem when I publish this complete asp.net web application to remote server. 当我将此完整的asp.net Web应用程序发布到远程服务器时,我遇到了问题。 When I try to access same html content I am not getting redirected to login.aspx and I can access all html pages inside 'Content' without authentication needed. 当我尝试访问相同的html内容时,我没有重定向到login.aspx,并且无需身份验证即可访问“内容”中的所有html页面。
This is authentication and authorization part of my web.config: 这是我的web.config的身份验证和授权部分:
<authentication mode="Forms">
<forms loginUrl="login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
And this is content of my login.aspx.cs: 这是我的login.aspx.cs的内容:
if (//USER WEB SERVICE CHECK)
{
if (Request.QueryString["ReturnUrl"] == null)
{
FormsAuthentication.SetAuthCookie(UserName.Text, true);
Response.Redirect("~/Content/index.html");
}
else
{
FormsAuthentication.RedirectFromLoginPage(UserName.Text, true);
}
}
else
{
FailureText.Text = "Wrong username or password...";
}
}
Do you have any better idea how to do it with asp.net? 您有更好的主意如何使用asp.net吗? Why this form authentication is not working when i publish it? 为什么我发布此表单身份验证不起作用? Is it possible to prevent accessing plain html content, as part of web application, when whole thing is published? 当整个内容发布时,是否有可能阻止访问纯html内容(作为Web应用程序的一部分)?
I am constantly using the same principle in my asp.net projects and it works just fine on same remote server. 我在asp.net项目中经常使用相同的原理,并且在同一台远程服务器上也可以正常工作。 I even tried to put this on another server, but I've got the same effect. 我什至尝试将其放置在另一台服务器上,但效果相同。
The structure of my web app project is following: 我的Web应用程序项目的结构如下:
ApplicationFolder
|
- login.aspx
|
- web.config
|
- CONTENT
|
- index.html
- ...
Additionally I've tried to put some aspx content in CONTENT folder, and authentication redirection works just fine. 另外,我尝试将一些aspx内容放入CONTENT文件夹中,并且身份验证重定向也可以正常工作。 Is it even possible to user forms authentication to secure html content inside web application? 甚至可以通过用户表单身份验证来保护Web应用程序中的html内容吗?
Remote server uses IIS 6 and ASP.NET runtime does not process html files, and because of that forms authentication does not work. 远程服务器使用IIS 6,ASP.NET运行时不处理html文件,因此,表单身份验证无法正常工作。 I've renamed html file extension to aspx and everything works fine. 我已经将html文件扩展名重命名为aspx,并且一切正常。 I am satisfied with this solution for now, but if someone has better solution please write it here... 我现在对此解决方案感到满意,但是如果有人有更好的解决方案,请在此处写下...
I've read that there is a workaround with web site configuration on IIS 6 (http://forums.asp.net/t/1184547.aspx), but I am not allowed to this on my server. 我已经阅读到IIS 6(http://forums.asp.net/t/1184547.aspx)上的网站配置有解决方法,但是我的服务器上不允许这样做。
3 个解决方案
解决方案1
0 2012-02-21 17:18:35
我认为您最好检查服务器上该应用程序的IIS设置,与本地应用程序应该有所不同,您需要对其进行更改。
解决方案2
0 2012-02-22 12:55:47
Open IIS, click on the project in question in the site treeview. 打开IIS,在站点树视图中单击有问题的项目。 Select the "Authentication" menu and check whether Formsauthentication is enabled or disabled. 选择“身份验证”菜单,然后检查是否启用了表单身份验证。 If this does not work, try to disable the windows authentication. 如果这不起作用,请尝试禁用Windows身份验证。
解决方案3
0 2012-03-06 09:42:45
I've finally solved this problem if someone would have same issue as me.... 如果有人和我有同样的问题,我终于解决了这个问题。
I've anyway changed IIS 6 settings as described in http://forums.asp.net/t/1184547.aspx , have written custom request handler with following code below 无论如何,我已经按照http://forums.asp.net/t/1184547.aspx中所述更改了IIS 6设置,并使用下面的代码编写了自定义请求处理程序
public class DocHandler : IHttpHandler
{
public DocHandler() { }
public void ProcessRequest(HttpContext context)
{
string path = context.Request.PhysicalPath;
string name = path.Split('\\')[path.Split('\\').Length - 1];
if (!string.IsNullOrEmpty(path) && path.ToLower().EndsWith(".pdf"))
{
context.Response.ClearHeaders();
context.Response.ClearContent();
context.Response.Clear();
context.Response.Charset = null;
context.Response.ContentType = "application/pdf";
context.Response.AddHeader("Content-Type", "application/pdf");
context.Response.AppendHeader("Content-Disposition", string.Format("inline;filename={0}", name));
context.Response.WriteFile(path);
}
else if (!string.IsNullOrEmpty(path) && path.ToLower().EndsWith(".doc"))
{
context.Response.ClearHeaders();
context.Response.ClearContent();
context.Response.Clear();
context.Response.Charset = null;
context.Response.ContentType = "application/msword";
context.Response.AddHeader("Content-Type", "application/msword");
context.Response.AppendHeader("Content-Disposition", string.Format("inline;filename={0}", name));
context.Response.WriteFile(path);
}
else if (!string.IsNullOrEmpty(path) && path.ToLower().EndsWith(".xls"))
{
context.Response.ClearHeaders();
context.Response.ClearContent();
context.Response.Clear();
context.Response.Charset = null;
context.Response.ContentType = "application/vnd.ms-excel";
context.Response.AddHeader("Content-Type", "application/vnd.ms-excel");
context.Response.AppendHeader("Content-Disposition", string.Format("inline;filename={0}", name));
context.Response.WriteFile(path);
}
else if (!string.IsNullOrEmpty(path) && path.ToLower().EndsWith(".ppt"))
{
context.Response.ClearHeaders();
context.Response.ClearContent();
context.Response.Clear();
context.Response.Charset = null;
context.Response.ContentType = "application/vnd.ms-powerpoint";
context.Response.AddHeader("Content-Type", "application/vnd.ms-powerpoint");
context.Response.AppendHeader("Content-Disposition", string.Format("inline;filename={0}", name));
context.Response.WriteFile(path);
}
else if (!string.IsNullOrEmpty(path) && path.ToLower().EndsWith(".html"))
{
context.Response.ClearHeaders();
context.Response.ClearContent();
context.Response.Clear();
context.Response.Charset = null;
context.Response.ContentType = "text/html";
context.Response.AddHeader("Content-Type", "text/html");
context.Response.AppendHeader("Content-Disposition", string.Format("inline;filename={0}", name));
context.Response.WriteFile(path);
}
else
{
throw new System.IO.FileNotFoundException("The page requested is invalid", path);
}
}
public bool IsReusable { get { return false; } }
}
and finally added following section to web.config 最后将以下部分添加到web.config
<add verb="GET" path="*.pdf" type="PartnerPortal.DocHandler" validate="false" />
<add verb="GET" path="*.doc" type="PartnerPortal.DocHandler" validate="false" />
<add verb="GET" path="*.xls" type="PartnerPortal.DocHandler" validate="false" />
<add verb="GET" path="*.ppt" type="PartnerPortal.DocHandler" validate="false" />
<add verb="*" path="*.html" type="PartnerPortal.DocHandler" validate="false" />
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.