stackoom
  简体   繁体   中英

ASP.Net - How can I allow imported script files be viewed by unauthenticated users when using Forms Authentication?

 原文  2009-11-18 16:28:35       asp.net/ javascript/ forms-authentication

Question

I'm using ASP.Net and forms authentication. When a user is directed to the Login Page I get a JavaScript error:

Message: Syntax error Line: 3 Char: 1 Code: 0 URI: http://localhost:49791/login.aspx?ReturnUrl=%2fWebImageButton.js

This is because I am using a Custom Image Button in a separate Web Control Project control that adds a ScriptReference to the page: 

public class WebImageButton : LinkButton, IScriptControl, IButtonControl
{
    protected override void OnPreRender(EventArgs e)
    {

        // Link the script up with the script manager
        ScriptManager scriptManager = ScriptManager.GetCurrent(this.Page);
        if (scriptManager != null)
        {
            scriptManager.RegisterScriptControl(this);
            scriptManager.Scripts.Add(new ScriptReference("<snip>.WebImageButton.js", "<snip>"));
        }

        base.OnPreRender(e);

    }
}

If I add the following rule into my Web.Config, then the file is successfully imported: 

<location path="WebImageButton.js">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

This isn't very good as I have a number of custom controls that do the same thing, and I don't particularly fancy authenticating each of their js files individually.

Is there no way that I can declare that all imported script references should be allowed? I tried authorising the WebResource.axd file in-case that allows it, but the page itself (when rendered) physically references the WebImageButton.js file.

The ideal scenario would be something like the following: 

  <location path="My.WebControlLibraryProject.Controls">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

Is there any way to achieve this without listing each file?

EDIT: Just to be clear, these script files are in another project and are not in my actual web project. I know how to declare the location paths of directory paths to include a large number of files in one wack, but I can't figure out how to authenticate automatic script references, which are from embedded resources.

3 answers

solution1
 0  2009-11-18 16:34:58

This is just a guess - have you tried putting in a wildcard in the location path? Perhaps something like < location path="*.js">?

solution2
 0  2009-11-18 16:35:07

You can specify a generic location and put all your scripts there so that all the scripts that don't require authorization will pass. You just need to change the path to whatever folder you want it to be and put the scripts there.

That will work for not only scripts, but other resources as well, such as images, style sheets, etc.

solution3
 0 ACCPTED  2009-11-18 17:38:57

Is the WebImageButton.js an embedded resource? As I've seen, you had implemented IScriptControl . Thus, you must return all of script references on the IScriptControl.GetScriptReferences . I think an embedded resource never be authorized. I use some of custom controls in different situation and don't have any problem. I'm wondering that script manager references to WebImageButton.js directly, and not in form of .axd file. So, I think the problem is arising from your resource file. 

public class WebImageButton : LinkButton, IScriptControl, IButtonControl
{

    protected ScriptManager ScriptManager
    {
        get
        {
            ScriptManager scriptManager = ScriptManager.GetCurrent(this.Page);
            if (scriptManager == null)
            {
                throw new System.Web.HttpException("<snip>");
            }
            return scriptManager;
        }
    }

    protected override void Render(HtmlTextWriter writer)
    {
        base.Render(writer);

        this.ScriptManager.RegisterScriptControl<WebImageButton>(this);
    }

    #region IScriptControl Members

    public System.Collections.Generic.IEnumerable<ScriptDescriptor> GetScriptDescriptors()
    {
        yield break;
    }

    public System.Collections.Generic.IEnumerable<ScriptReference> GetScriptReferences()
    {
        yield return new ScriptReference("<snip>.WebImageButton.js", "Assembly Name");
    }

    #endregion

}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET web.config Forms Authentication, deny anonymous users, allow anonymous access for single files asp.net forms - protecting forms(or folders) from unauthenticated users How to auto-authenticate users via a link when using Forms Authentication and ASP.NET? Allow access for unathenticated users to specific page using ASP.Net Forms Authentication How can I allow users to script an ASP.NET web application? How can I extend the Forms Authentication time in ASP.Net? How do I get current logged in user's UserID when using ASP.NET Forms Authentication? How can I tell what the username is of an authenticated using Forms Authentication with ASP.NET How can I authenticate to an ASP.NET WebAPI that is using Forms Authentication From a C# Console Application? is it possible to use iis 7 to manage users when using forms authentication with asp.net
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM