asp.net、web.config继承以及清除身份验证设置

发布于 2024-08-15 07:37:35 字数 735 浏览 6 评论 0原文

我有一个 ASP.net 1.1 应用程序。

在子文件夹中，我安装了 blogengine.net，这是一个 2.0 应用程序。

该文件夹被设置为应用程序并使用正确的框架。

它可以工作......除了身份验证。

问题是从根应用程序中的 web.config 继承。

此问题的常见修复方法是在嵌套应用程序的配置文件中对要重置的每项内容使用“clear”。

<httpModules>
    <clear/>
</httpModules>

问题是“clear”似乎不允许在身份验证标签内：

<authentication mode="Forms">
    <clear/>
    <forms... rest of my child app's settings for authentication...>
</authentication>

这样做会给我一个语法错误。

有人知道有什么方法可以让这个工作吗？我需要防止 web.config 中的根应用程序的身份验证信息在子应用程序中继承。

更新：根据好奇极客的答案，一种选择是修改根配置以不允许继承。但是，我的理解是，这也会阻止 system.config 属性。这通常是一件大事吗？这不是我的服务器，所以想知道这样做是否会引发一些服务器管理员可能无法解决的安全问题。

原文

I have an ASP.net 1.1 application.

In a sub-folder, I've installed blogengine.net, which is a 2.0 app.

The folder is set to be an application and is using the proper framework.

It works...except for authentication.

The issue is inheritence from the web.config in the root application.

The common fix for this issue is to use 'clear' in your nested app's config file for each thing you want to reset.

<httpModules>
    <clear/>
</httpModules>

The problem is that 'clear' does not appear to be allows within authentication tags:

<authentication mode="Forms">
    <clear/>
    <forms... rest of my child app's settings for authentication...>
</authentication>

Doing that gives me a syntax error.

Anyone know of a way to get this working? I need to prevent the root app's authentication info in web.config from being inherited within the child application.

UPDATE: per curious_geek's answer, one option is to modify the root config to not allow inheritance. However, my understanding is that will also block the system.config properties. Is that usually a big deal? This isn't my server, so wonder if doing that will open up some security issues that might not go over with with the server admin.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

昔日梦未散 2024-08-22 07:37:36

您需要告诉父 web.config 不强制子应用程序中的部分继承。

如果您想停止 system.web 部分继承到 child-app，那么您可以使用下面提到的 location 元素包装您的 system.web 部分。

  <location path="." inheritInChildApplications="false">

        <system.web>

        </system.web>

  </location>

您还可以应用此技术来停止连接字符串和应用程序设置部分的继承。

PS：当你实际添加这个时
web.config 中的行，Visual Studio 将
不承认它是有效的并标记它
错误，但请放心
在 IIS 下可以正常工作
已部署。

You need to tell the parent web.config no to force section inheritance in child-application.

If you want to stop system.web section inheritance to child-app then you'd wrap your system.web section with location element mentioned as below.

  <location path="." inheritInChildApplications="false">

        <system.web>

        </system.web>

  </location>

You can also apply this technique for stop inheritance for connectionstrings and appsettings section as well.

PS: when you actually add this
lines in web.config, visual studio will
not recognize it as valid and mark it
as error, but be rest assured that it
will work well under IIS when
deployed.

回复收藏 0 原文

~没有更多了~