当前位置：文江博客话题详情

asp.net forms-authentication

允许匿名访问默认页面

发布于 2024-11-05 09:51:24 字数 816 浏览 0 评论 0 原文

我的 ASP.NET Forms 4.0 站点正在使用表单身份验证运行。默认情况下，未经授权的用户被拒绝，然后我允许访问某些页面。我在访问默认网址时遇到问题：http://example.com。我在 web.config 中有一个定义默认页面的条目：

<defaultDocument>
    <files>
        <clear/>
        <add value="default.aspx" />
    </files>
</defaultDocument>

并且我有这个位置覆盖：

<location path="default.aspx">
    <system.web>
        <authorization>
            <allow users="?"/>
        </authorization>
    </system.web>
</location>

当我转到完整网址时，它可以正常工作： http://example.com/default.aspx，但如果我转到 http://example.com

有什么想法我做错了什么吗？

原文

My ASP.NET Forms 4.0 site is running with forms authentication. By default unauthorized users are denied, and then I allow access to certain pages.
I have a problem allowing access to the default url: http:/example.com. I have this entry in web.config that defines default page:

<defaultDocument>
    <files>
        <clear/>
        <add value="default.aspx" />
    </files>
</defaultDocument>

and I have this location override:

<location path="default.aspx">
    <system.web>
        <authorization>
            <allow users="?"/>
        </authorization>
    </system.web>
</location>

It works OK when I go to the full url: http://example.com/default.aspx, but redirects to the login page if I go to http://example.com

Any ideas what am I doing wrong?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

巷子口的你 2024-11-12 09:51:24

我刚刚在（德米特里）对类似问题的回复中找到了答案：表单身份验证忽略默认文档：

在 Global.asax 中，方法：Application_BeginRequest，放置以下内容：

if (Request.AppRelativeCurrentExecutionFilePath == "~/")
    HttpContext.Current.RewritePath("default.aspx");

工作得很好！

I just found answer in a response (by Dmitry) to a similar question here in SO: Forms Authentication Ignoring Default Document:

In Global.asax, method: Application_BeginRequest, place the following:

if (Request.AppRelativeCurrentExecutionFilePath == "~/")
    HttpContext.Current.RewritePath("default.aspx");

Worked like charm!

回复收藏 0 原文

圈圈圆圆圈圈 2024-11-12 09:51:24

我刚刚想出了如何解决这个问题，而不必捏造重定向。

如果从 .Net 2 转换到 .Net 4 后发生在我身上，并且我从未在互联网上的任何地方找到我的解决方案，那么这里就是。

如果像我一样，您的登录页面也是默认页面，您需要确保在 web.config 文件中执行以下两件事：

添加此操作以免除 default.aspx 的身份验证（在 .Net 2 中不需要此操作）

<location path="default.aspx">
     <system.web>
         <authorization>
             <allow users="*" />
         </authorization>
     </system.web>
 </location>

并且将登录网址从这个更改

<forms name="myform" loginUrl="~/default.aspx" timeout="240" defaultUrl="~/home.aspx"  slidingExpiration="true" protection="All" path="/" />

为这个

<forms name="myform" loginUrl="~/" timeout="240" defaultUrl="~/home.aspx" slidingExpiration="true" protection="All" path="/" />

，你应该现在就可以正常工作了，只需在两个不同的网站上尝试一下，它对我来说就成功了

I've just figured out how to solve this without having to fudge a redirection.

If just happened to me after converting from .Net 2 to .Net 4 and I've never found my solution anywhere on the internet so here goes.

If like me your login page is also your default page you need to make sure you do the following two things in the web.config file

Add this to exempt to default.aspx from authentication (didn't need this in .Net 2)

<location path="default.aspx">
     <system.web>
         <authorization>
             <allow users="*" />
         </authorization>
     </system.web>
 </location>

And change the login url from this

<forms name="myform" loginUrl="~/default.aspx" timeout="240" defaultUrl="~/home.aspx"  slidingExpiration="true" protection="All" path="/" />

to this

<forms name="myform" loginUrl="~/" timeout="240" defaultUrl="~/home.aspx" slidingExpiration="true" protection="All" path="/" />

and you should fine it all work nows, just tried it out on two different sites and it did the trick for me

回复收藏 0 原文

骄兵必败 2024-11-12 09:51:24

我不喜欢针对此问题更改代码，特别是因为我的网站在 Windows Server 2008 R2 计算机上运行良好，但在 Windows 7 SP1 开发计算机上运行不佳。

事实证明，此问题的根本原因是 Windows 7 Service Pack 1 中的更新：

http:// support.microsoft.com/kb/2526854

解决方案似乎是禁用 SP1 中添加的新“ExtensionlessUrl”功能：

<system.webServer>

  <handlers>
    <remove name="ExtensionlessUrl-ISAPI-4.0_32bit" />
    <remove name="ExtensionlessUrl-ISAPI-4.0_64bit" />
    <remove name="ExtensionlessUrl-Integrated-4.0" />
  </handlers>

  <validation validateIntegratedModeConfiguration="false" />

</system.webServer>

显然，如果您使用的是 ExtensionlessUrl这个功能对你来说不起作用，但我已经在这里为那些迁移遗留站点并想知道突然出了什么问题的人记录了它。

I didn't like making a code change for this issue, especially because my site was working fine on my Windows Server 2008 R2 machine, but not on my Windows 7 SP1 development machine.

It turns out that the root cause of this issue is an update in Service Pack 1 for Windows 7:

http://support.microsoft.com/kb/2526854

The solution appears to be to disable the new "ExtensionlessUrl" feature that was added in SP1:

<system.webServer>

  <handlers>
    <remove name="ExtensionlessUrl-ISAPI-4.0_32bit" />
    <remove name="ExtensionlessUrl-ISAPI-4.0_64bit" />
    <remove name="ExtensionlessUrl-Integrated-4.0" />
  </handlers>

  <validation validateIntegratedModeConfiguration="false" />

</system.webServer>

Obviously if you're using the ExtensionlessUrl feature this won't work for you, but I've documented it here for those migrating a legacy site and are wondering what has suddenly gone wrong.

回复收藏 0 原文

轻拂→两袖风尘 2024-11-12 09:51:24

这在测试 Web 应用程序中适用于我：

<location path="">
    <system.web>
        <authorization>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

<location path="Default.aspx">
    <system.web>
        <authorization>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

现在我无法访问“/”或“/Default.aspx” - 尝试一下（但使用 allow 代替）。

This works for me in a test web app:

<location path="">
    <system.web>
        <authorization>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

<location path="Default.aspx">
    <system.web>
        <authorization>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

Now I can't get to either "/" or "/Default.aspx" - give that a try (but use allow instead).

回复收藏 0 原文

~没有更多了~