web.config中的用戶身份驗證

Question

這是我的web.config

 <?xml version="1.0" encoding="utf-8"?> <!-- For more information on how to configure your ASP.NET application, please visit http://go.microsoft.com/fwlink/?LinkId=169433 --> <configuration> <configSections> <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 --> <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" /> <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core"> <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" /> <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" /> <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /> <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /> </sectionGroup> <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 --> </configSections> <connectionStrings> <!--<add name="ARTSQLConStrng" providerName="System.Data.SqlClient" connectionString="Data Source=(LocalDb)\\v11.0;Initial Catalog=aspnet-ARTBASE SYSTEMS Web Application-20150702042901;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\\aspnet-ARTBASE SYSTEMS Web Application-20150702042901.mdf" /> --> <add name="ARTSQLConStrng" providerName="System.Data.SqlClient" connectionString="Data Source=EMBRYOLOGIST;Initial Catalog=ARTSQL;Persist Security Info=True;User ID=ARTSQLDB;Password=abumaizer85;Integrated Security=SSPI" /> </connectionStrings> <system.web> <authorization> <allow users="*" /> </authorization> <customErrors mode="On" defaultRedirect="~/ARTSQLAPP/ErrorPages/Oops.aspx"> <error statusCode="404" redirect="~/404.html" /> </customErrors> <trace enabled="true" localOnly="false" pageOutput="false" requestLimit="50" /> <httpHandlers> <add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" validate="false" /> </httpHandlers> <compilation debug="true" strict="false" explicit="true" targetFramework="4.5"> <assemblies> <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /> <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add assembly="Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845DCD8080CC91" /> <add assembly="Microsoft.ReportViewer.Common, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845DCD8080CC91" /> <add assembly="Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /> <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> </assemblies> <buildProviders> <add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /> </buildProviders> </compilation> <httpRuntime maxRequestLength="1048576" requestValidationMode="2.0" targetFramework="4.5" /> <!--maxRequestLength="1048576" add by ARTSQL Nov 1 15 , requestValidationMode="2.0" add by ARTSQL Nov 30 15 --> <pages smartNavigation="true" maintainScrollPositionOnPostBack="true"> <!--smartNavigation="true" maintainScrollPositionOnPostBack="true" add by ARTSQL Dec 14 15 --> <namespaces> <add namespace="System.Web.Optimization" /> </namespaces> <controls> <add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" /> </controls> </pages> <authentication mode="Forms"> <forms loginUrl="~/login.aspx" defaultUrl="~/Default.aspx" timeout="60" /> </authentication> <profile defaultProvider="DefaultProfileProvider"> <providers> <add name="SqlProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ARTSQLConStrng" applicationName="/ARTdBASE" description="SqlProvider" /> </providers> <properties> <add name="ZipCode" /> <add name="CityAndState" /> </properties> </profile> <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15"> <providers> <add connectionStringName="ARTSQLConStrng" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordFormat="Hashed" passwordStrengthRegularExpression="(?=.{6,})(?=(.*\\d){1,})(?=(.*\\W){1,})" applicationName="/ARTdBASE" name="SqlProvider" type="System.Web.Security.SqlMembershipProvider" /> </providers> </membership> <!--<providers> <add connectionStringName="ARTSQLConStrng" applicationName="ARTBASE" name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> </providers>--> <roleManager enabled="true" defaultProvider="SqlProvider"> <providers> <clear /> <add connectionStringName="ARTSQLConStrng" applicationName="/ARTdBASE" name="SqlProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> <add applicationName="/ARTdBASE" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </roleManager> <!-- If you are deploying to a cloud environment that has multiple web server instances, you should change session state mode from "InProc" to "Custom". In addition, change the connection string named "ARTSQLConStrng" to connect to an instance of SQL Server (including SQL Azure and SQL Compact) instead of to SQL Server Express. --> <sessionState mode="InProc" customProvider="SqlProvider" timeout="39"> <providers> <add name="SqlProvider" applicationName="/ARTdBASE" cookieless="false" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="ARTSQLConStrng" /> </providers> </sessionState> </system.web> <!--<location path="Default.aspx"> <system.web> <compilation debug="true"> <assemblies> --><!-- A bunch of other assemblies here--><!-- <add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> </assemblies> </compilation> <httpModules> <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> </httpModules> </system.web> </location>--> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="DotNetOpenAuth.Core" publicKeyToken="2780ccd10d57b246" /> <bindingRedirect oldVersion="0.0.0.0-4.3.0.0" newVersion="4.3.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="DotNetOpenAuth.AspNet" publicKeyToken="2780ccd10d57b246" /> <bindingRedirect oldVersion="0.0.0.0-4.3.0.0" newVersion="4.3.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="EntityFramework" publicKeyToken="b77a5c561934e089" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-1.1.0.0" newVersion="1.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="log4net" publicKeyToken="669e0ddf0bb1aa2a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-1.2.13.0" newVersion="1.2.13.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Net.Http.Primitives" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.2.29.0" newVersion="4.2.29.0" /> </dependentAssembly> </assemblyBinding> <!-- When targeting ASP.NET MVC 3, this assemblyBinding makes MVC 1 and 2 references relink to MVC 3 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> </assemblyBinding> --> <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). --> <legacyHMACWarning enabled="0" /> </runtime> <entityFramework> <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework"> <parameters> <parameter value="v12.0" /> </parameters> </defaultConnectionFactory> <providers> <!--<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.DefaultProviderServices, EntityFramework.SqlServer" />--> <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" /> </providers> </entityFramework> <system.webServer> <modules runAllManagedModulesForAllRequests="true" /> <validation validateIntegratedModeConfiguration="false" /> <!-- <directoryBrowse enabled="true" /> --> <handlers> <add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /> <remove name="ExtensionlessUrlHandler-Integrated-4.0" /> <remove name="OPTIONSVerbHandler" /> <remove name="TRACEVerbHandler" /> <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" /> </handlers> <security> <requestFiltering> <requestLimits maxAllowedContentLength="1073741824" /> <!--<security><requestFiltering><requestLimits maxAllowedContentLength="1073741824" /></requestFiltering></security> add by ARTSQL Nov 1 15--> </requestFiltering> </security> </system.webServer> <dotNetOpenAuth> <!-- This is an optional configuration section where aspects of dotnetopenauth can be customized. --> <!-- For a complete set of configuration options see http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/ --> <openid> <relyingParty> <security requireSsl="false"> <!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. --> <!--<trustedProviders rejectAssertionsFromUntrustedProviders="true"> <add endpoint="https://www.google.com/accounts/o8/ud" /> </trustedProviders>--> </security> <behaviors> <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible with OPs that use Attribute Exchange (in various formats). --> <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" /> </behaviors> </relyingParty> </openid> <messaging> <untrustedWebRequest> <whitelistHosts> <!-- Uncomment to enable communication with localhost (should generally not activate in production!) --> <!--<add name="localhost" />--> </whitelistHosts> </untrustedWebRequest> </messaging> <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. --> <reporting enabled="true" /> </dotNetOpenAuth> <uri> <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names), which is necessary for OpenID urls with unicode characters in the domain/host name. It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. --> <idn enabled="All" /> <iriParsing enabled="true" /> </uri> <system.net> <defaultProxy enabled="true" /> <settings> <!-- This setting causes .NET to check certificate revocation lists (CRL) before trusting HTTPS certificates. But this setting tends to not be allowed in shared hosting environments. --> <!--<servicePointManager checkCertificateRevocationList="true"/>--> </settings> <mailSettings> <smtp from="artdbasemail@gmail.com"> <network host="google.com" password="Abumaizer85" userName="artdbasemail@gmail.com" /> </smtp> </mailSettings> </system.net> <system.serviceModel> <bindings /> <client /> </system.serviceModel> <appSettings> <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" /> <add key="Maintenance Mode" value="off" /> </appSettings> </configuration> 

現在，我有兩個用戶，兩個用戶都具有與管理員相同的角色，其中一個可以訪問所有子目錄，第二個用戶一直返回到登錄頁面，

下面的示例，兩者都可以訪問此頁面：

HTTP：//本地主機：1344 / Default.aspx的

只有一個人可以訪問此：

HTTP：//本地主機：1344 / ARTSQLAPP / CLNCORE / PatientRegistration.aspx

有什么想法嗎？

Answer 1

好吧，那是在權限目錄中，我搞砸了。 我從ASP Web應用程序管理中刪除了該規則，該規則已得到解決。