I am trying to get the simplest example of allowing access by default, denying access unless authenticated to specific directories in IIS, to work. When you Google around, everyone says it's as simple as this:
<location path="~/pages">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
Somehow it hasn't been for me.
Here's the project structure:
Here's the Web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/" />
</authentication>
<authorization>
<!--<deny users="*"/>-->
</authorization>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
<location path="~/pages">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
The goal is to allow all users to access index.html and to deny access to everything in pages.
Here's my observations:
<!--<deny users="*"/>-->
works when un-commented. <modules runAllManagedModulesForAllRequests="true" />
. Remove this, deny
doesn't work anywhere. deny
in <location path="~/pages">
doesn't work. Setting the path to pages
or pages/secure.html
or ~/pages/secure.html
also doesn't work. What's the problem here?
it doesn't like the path "~/pages" . The following works for me
<configuration>
<system.web>
<authentication mode="Forms"/>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"></modules>
</system.webServer>
<!-- note the change below -->
<location path="pages" >
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.