Enabling FormsAuthentication for multiple subfolders in a site
We're trying to implement formsAuthentication on our site, but in a scenario that we haven't been able to find a solution for yet - other than creating our own HttpModule and doing the custom logic ourselves - so I thought I'd toss the question out there to see if this was indeed the only solution.
We'd like to use formsAuthentication on top of custom Membership providers, but would like to use a different provider for different folders. Our site partitions these sections with subfolders (eg: ~/Admin, ~/GoldCustomer, ~/SilverCustomer, ~/BronzeCustomer), so we'd like to use different Membership providers for each section/subfolder. Using the framework to support this, we'd implement our web.config like:
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <location path="Admin">
    <system.web>
      <authentication mode="Forms">
        <forms name="AdminAuth" loginUrl="~/AdminLogin.aspx" />
      </authentication>
      <membership defaultProvider="AdminProvider">
        <providers>
          <add connectionStringName="ConnString" name="AdminProvider" type="Assembly.AdminMembershipProvider" ... />
        </providers>
      </membership>
    </system.web>
  </location>
  <location path="GoldCustomer">
    <system.web>
      <authentication mode="Forms">
        <forms name="GoldCustomerAuth" loginUrl="~/GoldCustomerLogin.aspx" />
      </authentication>
      <membership defaultProvider="GoldCustomerProvider">
        <providers>
          <add connectionStringName="ConnString" name="GoldCustomerProvider" type="Assembly.GoldCustomerMembershipProvider" ... />
        </providers>
      </membership>
    </system.web>
  </location>
  <system.web>
    <compilation debug="true" />
    <authentication mode="Forms" />
  </system.web>
</configuration>
Doing this though results in the runtime error:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Line 11: <location path="Admin">
Line 12: <system.web>
Line 13: <authentication mode="Forms">
Line 14: <forms name="FormsAdmin" loginUrl="~/login.aspx" />
Line 15: </authentication>
It seems that the only way to accomplish what we're trying is with a custom HttpModule - or change our approach (like breaking the folders up into different web apps in IIS). Is this correct, or am I missing something? Or are there other alternatives I'm not aware of?
Thanks for your help!
Comments (2)
First of all, I think role-based security makes perfect sense for your application if you have control over the databases. But if you can't change it, it's a no-go.
The alternative solution can be a gateway login form that redirects the user to a folder-specific login form based on the ReturnUrl querystring variable, and that form will use the provider it wants to validate the user. Then it uses FormsAuthentication.RedirectFromLoginPage to set an authentication cookie and redirect to the previous page. You can set the roles and use role-based security to control access to each folder with the <authorization> tag in web.config.
I'm not sure what you're trying to do but how about Roles for each of these customer types? Limit access by a role for each sub folder but you'd still have 1 membership provider and 1 role provider.
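The role-per-folder layout both answers point to, written out as a web.config; this is an added example, not part of the original posts. The gateway page Login.aspx, the cookie name SiteAuth, the role provider Assembly.SiteRoleProvider and the role names are assumptions; the membership provider names and types are the ones from the question, with their elided attributes left out.

```xml
<configuration>
  <system.web>
    <!-- authentication is registered allowDefinition='MachineToApplication',
         so it is declared once here and never inside <location>. -->
    <authentication mode="Forms">
      <!-- Login.aspx is a hypothetical gateway page that inspects ReturnUrl
           and forwards to AdminLogin.aspx or GoldCustomerLogin.aspx. -->
      <forms name="SiteAuth" loginUrl="~/Login.aspx" />
    </authentication>
    <!-- membership is application-level too: register every provider here and
         let each login page pick one by name, e.g. Membership.Providers["AdminProvider"].
         Any further attributes the custom providers need are omitted. -->
    <membership defaultProvider="GoldCustomerProvider">
      <providers>
        <add name="AdminProvider" type="Assembly.AdminMembershipProvider"
             connectionStringName="ConnString" />
        <add name="GoldCustomerProvider" type="Assembly.GoldCustomerMembershipProvider"
             connectionStringName="ConnString" />
      </providers>
    </membership>
    <!-- Hypothetical custom role provider; the role names below are assumptions. -->
    <roleManager enabled="true" defaultProvider="SiteRoleProvider">
      <providers>
        <add name="SiteRoleProvider" type="Assembly.SiteRoleProvider"
             connectionStringName="ConnString" />
      </providers>
    </roleManager>
  </system.web>
  <!-- authorization is allowed inside <location>. One forms cookie is valid for
       the whole application, so these role rules are what separate the folders.
       Rules are evaluated top-down: the first match wins. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="GoldCustomer">
    <system.web>
      <authorization>
        <allow roles="GoldCustomer" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Because a user validated by any provider receives the same cookie, each folder's allow/deny pair must end in a deny rule; without it an authenticated Gold customer could request pages under ~/Admin.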