ASP.NET 会员资格:CSS 被拒绝用户阻止,页面无法正确呈现?
我有一个功能正常的页面,但是当我对整个站点发出拒绝用户请求时,它会将我重定向到登录页面,该页面似乎可以工作,但 css 无法工作。因此没有样式......
任何人都可以帮忙吗?我的 web.config 是这样的
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
这个登录页面使用 site.master 具有以下样式表,但在包含上述内容时无法设置文档样式
<link href="../../Content/Site.css" rel="stylesheet" type="text/css" />
要确认 ii 删除 web.config 中的上述部分,然后它可以工作,因此包含 css和 beng 风格
我认为这可能与 css 被拒绝有关..所以我包括了以下内容,但这没有什么区别。我知道 site.master 正在登录页面中呈现,因为我看到了标题等。
<location path="~/Content">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
我还使用 firefox 中的 firebug 来查看 css,如果授权标签包含在 web.config 中,那么它表明没有 CSS 。如果我删除标签,那么我可以看到 css 并且页面正确呈现。
我一定是错过了什么。任何帮助真的很感激
提前感谢
编辑
Fiddler 声明 site.css 已移动?
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /InmoCasaWebClient/Account /LogOn?ReturnUrl=%2fInmoCasaWebClient%2fContent%2fSite.css
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 17 Aug 2010 17:19:12 GMT
Content-Length: 201
<html><head><title>Object moved</title></head><body>
对象已移至此处。
I have a page that functions correctly but when i issue a deny user for the whole site it redirects me to the logon page which seems to work BUT the css is not working. Hence there is no styling..
Can anyone help? My web.config is like so
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
This logon page uses a site.master has the following style sheet but fails to style the document when the above is included
<link href="../../Content/Site.css" rel="stylesheet" type="text/css" />
To confirm i i remove the part above in web.config then it works hence the css is included and beng styled
I thought it might be something to do with the css being denied .. so i included the following but it makes no difference. I know the site.master is being rendered in the logon page because i see the headers etc..
<location path="~/Content">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
I have also used firebug in firefox to view the css, if the authorization tags are included in web.config then it states there is no CSS. If i remove the tags then i can see the css and the page is rendered correctly.
I must be missing something. Any help really appreciated
thanks in advance
EDIT
Fiddler states that the site.css is moved??
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /InmoCasaWebClient/Account /LogOn?ReturnUrl=%2fInmoCasaWebClient%2fContent%2fSite.css
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 17 Aug 2010 17:19:12 GMT
Content-Length: 201
<html><head><title>Object moved</title></head><body>
Object moved to here.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
使用 fiddler 来查看该资源到底发生了什么?可能会揭开这个谜团。如果未经授权,应该是 403。可能是 404ing?如果它不在虚拟目录中,你可以这样写:(
目录遍历是脆弱的)
更新 - 现在更多信息
很好的小提琴手使用;)无论如何,因为它是 302ing(暂时重定向)你的 css 文件以要求验证也是问题是您的表单身份验证。
您可能遇到 runAllManagedModuleForAllRequest="true" 问题< /a>.阅读该帖子以获取信息。
或设置对内容文件夹的所有访问权限以允许访问。你已经快到了,但它需要是:
Use fiddler to see exactly what is happening to that resource? May shed light on the mystery. It should 403 if it is unauthorized. May be 404ing? If it's not in a virtual directory you could just write:
(directory traversing is flimsy)
Update - now more info
Nice fiddler use ;) Anyway, since it is 302ing (temporarily redirecting) your css files to require validation too the problem is your forms authentication.
You are probably running into the runAllManagedModuleForAllRequest="true" problem. Read that post for info.
Or set the all access to the Content folder to allow access. You're almost there but it would need to be:
我有类似的问题。如果有帮助,我向根 Web 目录添加了权限(IUSR 或取决于您的操作系统),它起作用了。
i had a similar problem. if it helps, i added permission (IUSR or depending on your OS) to the root web directory, it worked.
302 来自登录框架,在请求 CSS 时将您重定向到登录。
这里的技巧是你的 MVC 应用程序不应该通过 web.config 配置安全性,而是你应该在控制器上使用 [Authorize] 属性,这不会干扰你的 CSS。
The 302 is from the login framework redirecting you to login when requesting the CSS.
The trick here is your MVC app should not be configuring the security via web.config but rather you should be using the [Authorize] attributes on your controllers which will not interfere with your CSS.
尝试删除您所在位置的路径属性中的波浪号 (~)。如果你查看 fiddler 结果,它是对你的 css 的回调请求。因此,未经身份验证的页面请求反过来又对资源(CSS)发出未经身份验证的请求。
我通常尝试在应用程序的根目录放置一个样式目录,然后使用 等辅助工具T4MVC 或我自己的辅助方法来翻译并避免必须弄清楚
../../目录爬行。Try removing the tilda (~) in your location's path attribute. If you look at the fiddler result, its a callback request for your css. so the unauthenticated request for the page is in turn making unauthenticated requests for resources (the css).
I generally try to place a styles directory at the root of the application, and then use a helper tool like T4MVC or my own helper methods to translate and avoid having to figure out the
../../directory crawling.对于初学者,请避免在 ASP.NET MVC 视图中对 JS 或 CSS 文件等资源进行硬编码路径。使用 /Content/Site.css 并不比 ../../..
使用 Url.Content 帮助器更好:
For starters, avoid hardcoded paths to resources like JS or CSS files in your ASP.NET MVC views. Using /Content/Site.css does no better than ../../..
Use Url.Content helper:
您只需允许应用程序访问您的 css 文件即可:
You can simply allow app to access your css file :