asp.net表单身份验证拒绝任何用户访问新的Web表单

时间:2013-01-05 05:27:26

标签: forms authentication web-config

我在asp.net上的任务有问题。我想问一下,除非我在Web配置中指定了对页面的访问权限,否则有什么方法可以防止任何用户(包括经过身份验证的用户)访问新创建的Web表单?

我尝试使用

<deny users="*"> 

但是它拒绝所有用户访问任何页面,甚至是那些我已经指定了访问权限的页面,例如:

<location path="home.aspx">

2 个答案:

答案 0 :(得分:2)

这是一篇很好的文章,示例在MS Support

  <configuration>
        <system.web>
            <authentication mode="Forms" >
                <forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
                </forms>
            </authentication>
    <!-- This section denies access to all files in this 
    application except for those that you have not explicitly 
    specified by using another setting. -->
            <authorization>
                <deny users="?" /> 
            </authorization>
        </system.web>
    <!-- This section gives the unauthenticated 
    user access to the ThePageThatUnauthenticatedUsersCanVisit.aspx 
    page only. It is located in the same folder 
    as this configuration file. -->
            <location path="ThePageThatUnauthenticatedUsersCanVisit.aspx">
            <system.web>
            <authorization>
                <allow users ="*" />
            </authorization>
            </system.web>
            </location>
    <!-- This section gives the unauthenticated 
    user access to all of the files that are stored 
    in the TheDirectoryThatUnauthenticatedUsersCanVisit folder.  -->
            <location path="TheDirectoryThatUnauthenticatedUsersCanVisit">
            <system.web>
            <authorization>
                <allow users ="*" />
            </authorization>
            </system.web>
            </location>
    </configuration>

答案 1 :(得分:0)

这可以帮到你:

<location path="FolderName/pagename.aspx">
        <system.web>
            <authorization>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>