I'm currently working on an ASP.NET website that uses Forms Authentication
to restrict access to some files ( ~/resources/restricted/*
) a user needs to register to see. Unfortunately, this has the extra effect of disallowing a background ( ~/common/images/backgrounds/bg_community.jpg
) in an unrelated section of the website.
What is wrong with my configuration/how can I fix this?
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<!-- ... --->
<system.web>
<!-- ... --->
<authentication mode="Forms">
<forms loginUrl="~/users/login.aspx" />
</authentication>
<!-- ... --->
</system.web>
<!-- ... --->
<location path="~/resources/restricted">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<!-- ... --->
</configuration>
I'm not sure for the path, I think that this would be enough:
path="resources/restricted"
In situations like this, I like to create additional web.config file located inside /resources/restricted/ folder. This way you can be sure which location you control. The downside is that you have more than one config file.
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users ="?"/>
</authorization>
</system.web>
</configuration>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.