以不同用户身份登录时访问被拒绝
我们的 ASP.NET 应用程序页面作为一项功能部署到 MOSS 2007 场中。
当用户登录到站点时,用户将被定向到默认页面。
右上角有一个选项“以其他用户身份登录”。 如果用户选择此选项并输入其他用户的凭据,则会显示“访问被拒绝”消息。
此消息没有意义,因为所有用户都可以访问此默认页面。 此外,如果用户现在转到地址栏并手动将 URL 更改为默认页面,则会加载该页面。 我可以在“拒绝访问”URL 的源部分中看到目标页面的编码 URL 是预期的默认页面 URL。
以前,我对 INIT.JS 文件进行了更改,以便在从非默认页面的页面完成登录更改的情况下重定向用户。
function LoginAsAnother(url, bUseSource)
{
document.cookie="loginAsDifferentAttemptCount=0";
if (bUseSource=="1")
{
GoToPage(url);
}
else
{
var ch=url.indexOf("?") >=0 ? "&" : "?";
//url+=ch+"Source="+escapeProperly(window.location.href);
url+=ch+"Source="+escapeProperly(getSspLocation(window.location.href));
STSNavigate(url);
}
}
原来的行被注释掉了。
函数 getSspLocation 只是我编写的一个函数,用于从任何其他 URL 获取默认页面 URL。
function getSspLocation(url) {
var parts = url.split('/');
var result = "";
for (var i = 0; i < parts.length; ++i) {
result += parts[i] + "/";
if (parts[i].toLowerCase() == "ssp")
return result + "default.aspx";
}
return url;
}
有任何想法吗?
Our ASP.NET application pages are deployed as a feature into a MOSS 2007 farm.
When a user logs on to the site the user is directed to a default page.
In the top right corner there is an option "Log on as a different user".
If the user selects this option and enters the credentials of another user, an "Access Denied" message is displayed.
This message does not make sense since all the users have access to this default page. Furthermore, if the user now goes to the address bar and manually changes the URL to the default page, the page loads. I can see in the source part of the "Access Denied" URL that the encoded URL of the target page is the expected default page URL.
Previously, I made a change to the INIT.JS file to redirect the user in the case where the login change is done from a page that is not the default page.
function LoginAsAnother(url, bUseSource)
{
document.cookie="loginAsDifferentAttemptCount=0";
if (bUseSource=="1")
{
GoToPage(url);
}
else
{
var ch=url.indexOf("?") >=0 ? "&" : "?";
//url+=ch+"Source="+escapeProperly(window.location.href);
url+=ch+"Source="+escapeProperly(getSspLocation(window.location.href));
STSNavigate(url);
}
}
The original line is commented out.
The function getSspLocation is just a function I wrote to get the default page URL from any other URL.
function getSspLocation(url) {
var parts = url.split('/');
var result = "";
for (var i = 0; i < parts.length; ++i) {
result += parts[i] + "/";
if (parts[i].toLowerCase() == "ssp")
return result + "default.aspx";
}
return url;
}
Any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这不会回答您的问题,但我建议您不要修改 init.js 文件。 这既违背了良好的做法,也违背了微软的建议,你将失去他们的支持。 此外,在应用服务包和/或修补程序时,它肯定会被覆盖。
如果您需要自定义 OOB 脚本文件的功能,请通过部署包含自定义脚本的自定义母版页来实现。
This will not answer your question, but I would advice you against modifying the init.js file. It is both against good practice and against Microsoft's recommendation, you will lose support from them. Furthermore, it will most certainly be overwritten when applying service packs and/or hot fixes.
If you have the need to customize the functionality of OOB script files, do so by deploying a custom master page that incorporates your custom scripts instead.