stackoom
  简体   繁体   中英

IIS, denying access to static files; What is wrong with this example?

 原文  2014-10-01 15:23:11       asp.net/ iis/ web-config/ forms-authentication/ static-files

Question

I am trying to get the simplest example of allowing access by default, denying access unless authenticated to specific directories in IIS, to work. When you Google around, everyone says it's as simple as this: 

<location path="~/pages">
    <system.web>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</location>

Somehow it hasn't been for me.

Here's the project structure:

在此处输入图片说明

Here's the Web.config: 

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
        <authentication mode="Forms">
            <forms loginUrl="~/" />
        </authentication>
        <authorization>
            <!--<deny users="*"/>-->
        </authorization>
    <compilation debug="true" targetFramework="4.5.1" />
    <httpRuntime targetFramework="4.5.1" />
  </system.web>
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true" />
    </system.webServer>
    <location path="~/pages">
        <system.web>
            <authorization>
                <deny users="?"/>
            </authorization>
        </system.web>
    </location>
</configuration>

The goal is to allow all users to access index.html and to deny access to everything in pages.

Here's my observations:

  • <!--<deny users="*"/>--> works when un-commented.
  • It doesn't work at all without <modules runAllManagedModulesForAllRequests="true" /> . Remove this, deny doesn't work anywhere.
  • The deny in <location path="~/pages"> doesn't work. Setting the path to pages or pages/secure.html or ~/pages/secure.html also doesn't work.

What's the problem here?

1 answers

solution1
 2 ACCPTED  2014-10-02 18:18:13

it doesn't like the path "~/pages" . The following works for me 

<configuration>
    <system.web>
        <authentication mode="Forms"/>
        <compilation debug="true" targetFramework="4.5.1" />
        <httpRuntime targetFramework="4.5.1" />
    </system.web>
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"></modules>
    </system.webServer>

    <!-- note the change below -->
    <location path="pages" >
        <system.web>
            <authorization>
                <deny users="?"/>
            </authorization>
        </system.web>
    </location>
</configuration>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question access to static files on IIS How to restrict access to static files in IIS 7.5 Classic mode URL rewrite IIS for static.example.com IIS Express static files not found Setting Charset for static files in iis Denying users in windows authentication IIS 8.5 IIS recycle causes error in static dataset access IIS 500.0 AuthenticateRequest error for static files HTTPModule for static files sometimes fails to run on IIS 6 IIS doesn't serve any static files
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM