Admin folder permissions.. guests not allowed

Posted on 2024-08-17 22:53:21

I have a membership web application. A user is either an
administrator or a guest user (only 2 roles)

I have an admin folder and a guest folder in this application. I want
administrators to access both folders and guest not to access Admin folder.

I am not using the .net member/role/profile framework. What's the
easiest way to secure that admin folder?

I read something about changing location in webconfig... but don't know where to put it??

any suggestions???

my web config

<appSettings>
    <!--
    <add key="ChartImageHandler" value="storage=file;timeout=20;dir=c:\TempImageFiles\;" />
    -->
    <add key="ChartImageHandler" value="storage=memory;deleteAfterServicing=true;"/>
</appSettings>
<connectionStrings>
    <add name="abs" connectionString="Data Source=localhost\SQLEXPRESS;Initial Catalog=absDB;Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>


<system.web>
    <identity impersonate="true"/>
    <!-- 
        Set compilation debug="true" to insert debugging 
        symbols into the compiled page. Because this 
        affects performance, set this value to true only 
        during development.
    -->
    <roleManager enabled="true" />
    <compilation debug="true">
        <assemblies>
            <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
            <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
            <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
            <add assembly="System.Web.DataVisualization, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
            <add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        </assemblies>
    </compilation>
    <!--
        The <authentication> section enables configuration 
        of the security authentication mode used by 
        ASP.NET to identify an incoming user. 
    -->
    <authentication mode="Forms">
        <forms loginUrl="Login.aspx" name="Cookie" timeout="120" path="/">
        </forms>
    </authentication>
    <authorization>
        <deny users="?"/>
        <allow users="*"/>
    </authorization>
    <sessionState mode="InProc" cookieless="false" timeout="122"/>
    <!--
        The <customErrors> section enables configuration 
        of what to do if/when an unhandled error occurs 
        during the execution of a request. Specifically, 
        it enables developers to configure html error pages 
        to be displayed in place of a error stack trace.

    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
        <error statusCode="403" redirect="NoAccess.htm" />
        <error statusCode="404" redirect="FileNotFound.htm" />
    </customErrors>
    -->
    <pages>
        <controls>
            <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add tagPrefix="asp" namespace="System.Web.UI.DataVisualization.Charting" assembly="System.Web.DataVisualization, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
        </controls>
    </pages>
    <httpHandlers>
        <remove verb="*" path="*.asmx"/>
        <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>
    </httpHandlers>
    <httpModules>
        <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>
</system.web>

Comments (2)

安静被遗忘 2024-08-24 22:53:21

Try this:

<configuration>

    <!-- ... all other elements ... -->

    <location path="Guests_Folder">
      <system.web>
         <authorization>
            <allow roles="Administrator, Guest"/>
            <deny  users="*"/>
         </authorization>
      </system.web>
    </location>
    <location path="Admin_Folder">
      <system.web>
         <authorization>
            <allow roles="Administrator"/>
            <deny  users="*"/>
         </authorization>
      </system.web>
    </location>
</configuration>

Place it inside your <configuration> tag
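
Added example, not part of the answer above and not the asker's code: the `roles="..."` rules are checked against the roles on the request's principal, and the question says no role provider is in use, so the application has to attach the role itself. This sketch carries the role in the forms ticket's `UserData` and rebuilds the principal on each request; `RoleTicket`, `IsKnown` and `Issue` are hypothetical names, the role is assumed to come from the application's own user table, and `<roleManager>` is assumed not to be enabled.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper, not from the page.
public static class RoleTicket
{
    // Role names used by the <allow roles="..."/> rules in the answer.
    static readonly string[] Known = { "Administrator", "Guest" };

    public static bool IsKnown(string role)
    {
        return Array.IndexOf(Known, role) >= 0;
    }

    // Call from Login.aspx after the credential check succeeds. 'role' is
    // read from the application's own user table (assumed, not shown).
    public static void Issue(HttpResponse response, string userName, string role)
    {
        if (!IsKnown(role)) throw new ArgumentException("Unknown role", "role");

        // 120 minutes mirrors timeout="120" on the <forms> element.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(120),
            false, role, FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket, role included, with the machine key.
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
    }
}

// Code-behind for Global.asax.
public class Global : HttpApplication
{
    // Runs after FormsAuthenticationModule has validated the cookie and
    // before UrlAuthorizationModule evaluates the <authorization> rules.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal user = HttpContext.Current.User;
        FormsIdentity identity = user == null ? null : user.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        // Unknown role data yields no roles, so role-restricted folders deny.
        string role = identity.Ticket.UserData;
        string[] roles = RoleTicket.IsKnown(role) ? new[] { role } : new string[0];
        HttpContext.Current.User = new GenericPrincipal(identity, roles);
    }
}
```

With this in place, a signed-in Guest requesting a page under `Admin_Folder` falls through `<allow roles="Administrator"/>` to `<deny users="*"/>` and is sent back to `Login.aspx`.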

梅倚清风 2024-08-24 22:53:21

Does Guest have a login? If not, you can drop in a web config in the guest folder that has an for the web config.

The main thought is you can vary who gets access by adding a web config in each folder you want to control with the correct allow or deny elements for the roles you want to grant access. This works easiest if the guests are true guests, i.e. not logged in. The fact that you have a config in each folder that varies from the root is the main thing you need to understand to get the authorization elements to work right.

You don't want to repeat the whole web.config, just the authorization part.
