避免身份验证
大家好,我有一个使用表单身份验证的 ASP.NET 3.5 应用程序。我想请求一个仅对经过身份验证的用户可用的页面,但能够在某些情况下向未经身份验证的用户显示它。我的问题是在页面生命周期的哪个阶段我需要告诉 ASP.NET 可以显示页面以及如何告诉它这样做。
我已经尝试过,但没有成功:
void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpContext.Current.SkipAuthorization = true;
}
当然上面的示例仅用于测试目的
Hi fellow stackers... I have an ASP.NET 3.5 app using forms authentication. I would like to request a page that is available to authenticated users only, but be able to display it to non authenticated users in certain scenarios. My question is at what point of the page lifecycle do I need to tell ASP.NET that is ok to display the page and how do I tell it to do so.
I've tried this to no avail:
void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpContext.Current.SkipAuthorization = true;
}
Of course the example above was for testing purposes only
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
在页面加载时,为什么不使用:
并将页面放在不安全的目录中。
On page load why don't you use:
And put the page in a nonsecure directory.
我不确定你所说的“尝试无济于事”是什么意思。究竟发生了什么?如果您使用
BeginRequest或AuthenticateRequest中的方法(在AuthorizeRequest之前发生的仅有的两个请求管道事件)来操纵当前 HTTP 上下文以跳过授权code>),它将绕过web.config文件中允许或拒绝用户的任何授权设置。您目前如何授权对相关页面的请求?
I'm not sure what you mean by "tried to no avail". What exactly is happening? If you are manipulating the current HTTP context to skip authorization using your method in either the
BeginRequestorAuthenticateRequest(the only two request pipeline events that occur beforeAuthorizeRequest), it will bypass any authorization settings in yourweb.configfile that allow or deny users.How are you currently authorizing your requests to the page in question?