ASP.NET 根据角色拒绝访问某些页面
我在 web.config 中有以下内容,但没有角色 MANager 或 Admin 的用户仍然可以访问 pAccessData.aspx 页面。 该页面存储在目录 Users 中
<location path="Users" >
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="~/Users/ChangePassword.aspx" >
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="~/Users/pAccessData.aspx" >
<system.web>
<authorization>
<allow roles="Manager,Admin"/>
<deny users="*" />
</authorization>
</system.web>
</location>
I have the following in web.config, but still users without role MAnager or Admin can still access the pAccessData.aspx page.
The page is stored in directory Users
<location path="Users" >
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="~/Users/ChangePassword.aspx" >
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="~/Users/pAccessData.aspx" >
<system.web>
<authorization>
<allow roles="Manager,Admin"/>
<deny users="*" />
</authorization>
</system.web>
</location>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您没有添加
编辑: 您已指定
You did not add
<deny users="?"/>, it should be like...Edit: you have specified
<allow users="*" />which means, it will allow access to all users, as you have not mentioned the roles for which a user can access the folder.