如何配置 ASP.net 表单身份验证以仅拒绝特定 URL 和子 URL?
我正在使用 ASP.NET4 和 MVC3。我想将我的网站配置为按以下方式使用表单身份验证:
- 未经身份验证的用户应该有权访问所有内容(即 /、/home、/freebies )...
- ...除了 /paidServices 下的任何内容(即 /paidServices/ fancy, /paidServices)
如何在我的 web.config 文件中配置它?当用户点击根 URL(/) 时,我当前的配置总是进入登录页面,但事实并非如此。仅当用户尝试访问 /paidServices url 时,它才应转到登录页面。
我的配置如下:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" path="/" timeout="2880" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="~/paidServices">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
... etc ...
</configuration>
我做错了什么?我使用 ASP.NET MVC 是否会让事情变得更加复杂?
I am using ASP.NET4 with MVC3. I would like to configure my website to use forms Authentication in the following way:
- UNauthenticated users should have access to everything (i.e. /, /home, /freebies )...
- ... except for anything under /paidServices (i.e. /paidServices/fancy, /paidServices)
How do I configure this in my web.config file? My current configuration always goes to the logon page when the user hits the root URL(/), but it should not. It should only go to the logon page if the user tries to access the /paidServices url.
My configuration is as follows:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" path="/" timeout="2880" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="~/paidServices">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
... etc ...
</configuration>
What am I doing wrong? Is the fact that I am using ASP.NET MVC making this more complicated?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
更好的做法是在 MVC 中使用授权属性。这些可以应用于整个控制器或仅应用于单个控制器操作。
例如:
It's better practice to use Authorize attributes in MVC. These can be applied to a whole controller or just a single controller action.
For example:
虚惊。配置问题是正确的。我在 MVC 路由配置中省略了 URL,因此默认 URL (/) 将转到安全部分,并且登录表单将按预期显示。
Phil Haack 的路由调试器帮助查明了问题:http://haacked。 com/archive/2008/03/13/url-routing-debugger.aspx
False alarm. The configuration is question was correct. I omitted a URL in my MVC routes configuration, so the default URL (/) was going to the secure section and the Logon form was being shown as expected.
Phil Haack's Route Debugger helped pinpoint the problem: http://haacked.com/archive/2008/03/13/url-routing-debugger.aspx