我有一个管理网站设置为另一个网站内的虚拟应用程序。
我希望使用主父站点上设置的相同表单身份验证提示子目录(虚拟应用程序)的访问者输入凭据
已经尝试了各种方法但无法使其工作,包括
删除所有 <授权>、
复制相同的 从父级到虚拟应用程序 web.config 的 和
使用虚拟目录而不是虚拟应用程序
但我从未收到凭据提示
任何人都知道如何进行此设置?
谢谢
更新:
现在已经通过删除 IIS 中的应用程序名称(使其成为虚拟目录而不是虚拟应用程序)来继承父级的权限,
但是,这会破坏管理站点中的所有路径,
例如我收到以下错误
文件“/Site.master”不存在。
那么我应该使用虚拟目录(它似乎继承了父目录的身份验证)吗?
或者虚拟应用程序(当前不从父级继承身份验证,但具有正确的相对路径)?
这是父配置
<membership defaultProvider="SqlServerMembershipProvider">
<providers>
<add connectionStringName="xxxxxxxx" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="SqlServerMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="SqlServerRoleProvider">
<providers>
<add connectionStringName="xxxxxxx" applicationName="/" name="SqlServerRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
<authentication mode="Forms">
<forms name=".EPiServerLogin" loginUrl="login.aspx" timeout="120"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
I have an admin site set up as a virtual applcation inside of another website.
I would like visitors to the sub directory (the virtual application) to be promtped for credentials using the same Forms authentication set up on the main parent site
Have tried all sorts of things but can't get it to work, including
Removing all <authentication mode="Forms">, <authorization>, <membership> and <roles> sections from the virtual-app web.config
Copying the same <authentication mode="Forms">, <authorization>, <membership> and <roles> sections from the parent to the virtual-app web.config
Using a virtual directory instead of virtual application
But I never get promted for credentials
Anyone know how to get this setup?
thanks
UPDATE:
Have now got it to inherit permissions from the parent, by deleting the application name in IIS (to make it a virtual directory rather than a virtual application)
However, this screws all the paths in the admin site
e.g. I get the following error
The file '/Site.master' does not exist.
So should I be using a virtual directory (which seems to inherit authentication from the parent)?
Or a virtual application (which currently doesn't inherit auth from the parent but has the correct relative paths)?
Here's the parent config
<membership defaultProvider="SqlServerMembershipProvider">
<providers>
<add connectionStringName="xxxxxxxx" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="SqlServerMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="SqlServerRoleProvider">
<providers>
<add connectionStringName="xxxxxxx" applicationName="/" name="SqlServerRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
<authentication mode="Forms">
<forms name=".EPiServerLogin" loginUrl="login.aspx" timeout="120"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
发布评论
评论(3)
我需要使用单点登录解决方案,如此处所述
http://www.codeproject .com/KB/aspnet/SingleSignon.aspx
要点是,每个站点都需要对 cookie 值使用相同的加密密钥。所以这个machineKey元素需要添加到单点登录涉及的每个站点
I needed to use a single sign on solution, as described here
http://www.codeproject.com/KB/aspnet/SingleSignon.aspx
The main point being, each site needs to use the same encryption key for the cookie values. So this machineKey element needs to be added to each site involved in the Single Sign On
您如何配置授权?
另外,我假设您尚未在父站点中进行身份验证?
在 admin 子目录中,您的 web.config 中应该有类似以下内容的内容(显然您可能还包含更多信息):
这将拒绝所有匿名用户,但允许所有经过身份验证的用户访问。如果您使用角色提供程序仅允许某些角色,则可以轻松扩展此功能:
请注意,您需要其中的“拒绝所有用户”,因为默认行为是允许所有用户。授权工作是“自上而下”的,因为它从列表的顶部开始,一旦找到匹配项,它就会停止处理,因此如果用户处于“管理员”角色,则不会到达“拒绝”所有用户”规则。
您还可以使用
< 在根 web.config 中进行配置location>元素。回复评论
您的身份验证/授权都在父站点中起作用吗?
您能否编辑您的问题以包括您尝试过的(已清理的)web.config 部分,以便我们可以查看是否有任何明显缺失的内容 - 例如,如果您使用角色来锁定管理区域,则您已启用它(< code>,默认为
false)。How have you configured authorization?
Also, I assume you're not already authenticated in the parent site?
In the admin subdirectory you should have something like the following in your web.config (obviously you may have more information in there as well):
This will deny all anonymous users, but allow all authenticated users access. You can easily extend this if you are using a Role Provider to only allow certain roles:
Note that you need the "Deny all users" in there, as the default behaviour is to allow all users. Authorization works "top down" in that it starts at the top of the list, and as soon as it finds a match, it stops processing, so if the user is in the "Admin" role, it will not get to the "Deny all users" rule.
You can also configure this in the root web.config using a
<location>element.Responding to comments
And your authentication/authorization all works in the parent site?
Could you edit your question to include (sanitised) web.config sections you've tried so we can see if there's anything obvious missing - for example, if you're using Roles to lock down the admin area, you have enabled it (
<roleManager enabled="true">, defaults tofalse).我们在这里经常做您想做的事情。
我们这样做:根级别是一个虚拟应用程序,它包含主 web.config 和 global.ascx。我们有一个普通的文件夹,里面有“Admin”。其中,我们有一个小的 web.config,它只包含
我在你的帖子中有点困惑是否涉及三个应用程序/目录(应用程序、父应用程序、应用程序的管理员),还是只有两个(应用程序和它的管理员)。我在这里做出一个关键假设:它是两个。如果你确实拥有这三个,那么需要做更多的工作才能让这件事顺利进行。
We do what you're trying to do quite often here.
We do it this way : The root level is a virtual application, it contains the master web.config and global.ascx. We have a normal folder, 'Admin' inside of that. Inside of that, we have a small web.config, it only contains
<authorization>XML information. You'll need a login page somewhere, either the root or Admin folder.I was a little confused in your post about whether there are three applications/directories involved (app, parent app, app's admin), or only two (app & it's admin). I'm making a critical assumption here that it's two. If you do have the three, it's going to be some more work to get this thing going.