stackoom
  简体   繁体   中英

Deny access to 'admin' folder in web.config

 原文  2011-01-28 03:14:12       asp.net/ security

Question

I am new to ASP.NET, so forgive me if this is simple.

I am trying to deny access to my 'Admin' folder via web.config. I looked at another answer to a similar question and they recommend using the <location> folder, however when I insert "Admin/" into the path I get the following error:

path attribute must be a relative virtual path. It cannot start with any of ' ' '.' '/' or '\\'. C:\\Personal\\Projects\\OliverSalon\\web.config

I have tried placing "Admin", "/Admin" & "Admin/" 

<configuration>

<connectionStrings>
    <add name="OliverSalonConnectionString1" connectionString="Data Source=localhost;Initial Catalog=OliverSalon;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
    <compilation debug="false" targetFramework="4.0" />
    <authentication mode="Forms">
        <forms name="Oliver" loginUrl="Login.aspx" path="/" timeout="20">
            <credentials passwordFormat="Clear">
                <user name="OliverSalon" password="cuts"/>
            </credentials>
        </forms>
    </authentication>
    <authorization >
        <deny users="?"/>
    </authorization>
</system.web>
<location path="/Admin">
    <system.webServer>
        <directoryBrowse enabled="false"/>
    </system.webServer>
</location>

1 answers

solution1
 24 ACCPTED  2011-01-28 03:41:46

This is way back from my web form days.

Place a web.config in your admin folder.

The contents should be: 

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <authorization>
          <allow roles="admin" />
          <deny users ="*" />
        </authorization>
    </system.web>
</configuration>

** EDIT to answer your question If you set the login url the framework will automatically send you to the login page if an unauthorized user tries to access your admin folder. 

        <authentication mode="Forms">
            <forms loginUrl="Login.aspx" timeout="20" slidingExpiration="true" cookieless="AutoDetect" protection="All" requireSSL="false" enableCrossAppRedirects="false" defaultUrl="Default.aspx" path="/"/>
</authentication>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Web.config Deny access to subfolder recursively Deny access to a webpage using web.config Web.Config Authorization for folder access Restrict access to file/folder in web.config web.config authorization deny unauthorised ASP.NET web.config Forms Authentication, deny anonymous users, allow anonymous access for single files How to access Web.config which is located in another sub folder Control Website Folder Access using Web.config and session variable? Controlling access with web.config web.config - how to allow specific IP regardsless of <deny users=“*” />
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM