表单身份验证在发布后不起作用
我一直在开发一个网站项目,该项目限制匿名用户访问某个文件夹,并允许登录的用户访问该文件夹。 这在我的开发机器上运行得很好。
然而,自从发布网站并部署到 Web 服务器(Windows Server 2008、IIS7)以来,表单身份验证似乎不起作用。匿名用户可以访问“受限”文件夹。 我比较了开发机器和Web服务器上的webconfig,它们是完全相同的。
我使用 .NET Framework 中内置的网站管理工具设置了对开发计算机上目录的访问/限制,使用此 教程。但是我知道这个工具只是本地主机?
请注意:我没有使用 asp.net 登录和注册控件。我在后面的代码中使用自定义函数(C#)
这个问题是由位置更改引起的吗? 开发机目录:C:\Users\Megatron\Documents\Visual Studio 2010\Projects\Osqar - v0.2\OSQARv0.1 Web 服务器目录:C:\inetpub\wwwroot\Osqar
我在这里有点迷失,所以任何建议将不胜感激。
这是网络配置文件
<?xml version="1.0" encoding="UTF-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="dbConn" connectionString="data source=mssql.database.com; Initial Catalog=devworks_oscar;User ID=myusername;Password=password" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name="Osqar" loginUrl="/login/login.aspx" protection="All" path="/" timeout="60" />
</authentication>
<compilation debug="true" />
<pages /></system.web>
<system.webServer>
<defaultDocument>
<files>
<add value="index.aspx" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
I have been working on a website project which restricts access to a certain folder to annonymous users and allows access to the folder to those who are logged in.
This has been working perfectly on my development machine.
However since publishing the website and deploying to a web server (Windows Server 2008, IIS7) the forms authentication appears not to be working. Anonymous users are able to access the "restricted" folder.
I have compared the webconfig on both the development machine and the web server and they are exactly the same.
I set up the access/restriction to the directory on the development machine using the Web Site Administration Tool built into the .NET Framework using this tutorial. However I understand this tool is localhost only?
Please note: I am not using the asp.net login and registration controls. I am using a custom function in the code behind (C#)
Is this problem caused by the change of location?
The development machine directory: C:\Users\Megatron\Documents\Visual Studio 2010\Projects\Osqar - v0.2\OSQARv0.1
The Web server Directory: C:\inetpub\wwwroot\Osqar
I am a little lost here so any advice would be greatly appreciated.
Here is the web config file
<?xml version="1.0" encoding="UTF-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="dbConn" connectionString="data source=mssql.database.com; Initial Catalog=devworks_oscar;User ID=myusername;Password=password" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name="Osqar" loginUrl="/login/login.aspx" protection="All" path="/" timeout="60" />
</authentication>
<compilation debug="true" />
<pages /></system.web>
<system.webServer>
<defaultDocument>
<files>
<add value="index.aspx" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
authorization部分似乎丢失了(?)。您应该有类似的信息,如果没有有关所需授权级别的信息(拒绝匿名用户),应用程序服务器将让每个人去任何地方。
The
authorizationsection seems to be missing (?). You should have something likeWithout the information about the required level of authorization (deny anonymous users), the application server will let everyone go everywhere.
将其放在
如果要限制特定文件,请执行以下操作:
对已部署项目中的 web.config 进行这些更改
或者,如 Wiktor 建议使用阻止匿名访问整个网站
将其放在
或者在项目的根目录下创建一个文件夹并放置安全页面里面那个文件夹。 R-单击文件夹添加新的 web.config 文件并将以下内容放在
Put this under
<cofiguraation>main tag like:if you're restricting specific files do:
Do these changes to the web.config in the deployed project
Alternatively as Wiktor suggested use to block anonymous access to the website as a whole
put it under
<system.web>possibly before or after<authentication>tagOr create a folder under the root of your project and put secured pages inside that folder. R-click on the folder add new web.config file and put the following under the
<system.web>tag