表单身份验证重定向页面

时间:2015-08-27 15:05:27

标签: php vb.net web-services web-config

我在服务器上有一个包含某些文件的目录。我需要保护这些文件,以便如果从网址调用文件,它将不会下载,除非用户名和密码与请求一起传递。

目前,我在IIS中将该目录部署为应用程序,并添加了以下Web配置:

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <system.web>
   <authentication mode="Forms">
    <forms loginUrl="logon.aspx" name=".ASPXFORMSAUTH" protection="All" defaultUrl="/" path="?">
    </forms>
  </authentication>
  <authorization>
    <deny users="?" />
  </authorization>
    </system.web>


    <system.webServer>

      <directoryBrowse enabled="true" />

    <httpRedirect enabled="true" destination="/logon.aspx" />
</system.webServer>


</configuration>

以及以下登录页面:

<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>

<script runat="server">
  Sub Logon_Click(ByVal sender As Object, ByVal e As EventArgs)
    If ((UserEmail.Text = "jchen@contoso.com") And _
            (UserPass.Text = "37Yj*99Ps")) Then
      FormsAuthentication.RedirectFromLoginPage _
           (UserEmail.Text, Persist.Checked)
    Else
      Msg.Text = "Invalid credentials. Please try again."
    End If
  End Sub
</script>

<html>
<head id="Head1" runat="server">
  <title>Forms Authentication - Login</title>
</head>
<body>
  <form id="form1" runat="server">
    <h3>
      Logon Page</h3>
    <table>
      <tr>
        <td>
          E-mail address:</td>
        <td>
          <asp:TextBox ID="UserEmail" runat="server" /></td>
        <td>
          <asp:RequiredFieldValidator ID="RequiredFieldValidator1" 
            ControlToValidate="UserEmail"
            Display="Dynamic" 
            ErrorMessage="Cannot be empty." 
            runat="server" />
        </td>
      </tr>
      <tr>
        <td>
          Password:</td>
        <td>
          <asp:TextBox ID="UserPass" TextMode="Password" 
            runat="server" />
        </td>
        <td>
          <asp:RequiredFieldValidator ID="RequiredFieldValidator2" 
            ControlToValidate="UserPass"
            ErrorMessage="Cannot be empty." 
            runat="server" />
        </td>
      </tr>
      <tr>
        <td>
          Remember me?</td>
        <td>
          <asp:CheckBox ID="Persist" runat="server" /></td>
      </tr>
    </table>
    <asp:Button ID="Submit1" OnClick="Logon_Click" Text="Log On"  
       runat="server" />
    <p>
      <asp:Label ID="Msg" ForeColor="red" runat="server" />
    </p>
  </form>
</body>
</html>

我没有尝试在Android应用程序的请求中传递用户名和密码(我最终想要做什么)但是我从网络上调用了URL链接,并且登录页面显示成功,以防URL是目录但当URL指向一个文件时:MYURL / test / test.txt 然后文件出现,登录页面没有显示。请任何帮助表示赞赏。我是新来的。

1 个答案:

答案 0 :(得分:0)

我将网络配置更改为以下内容。更改system.webServer 

<system.webServer>
    <modules>
      <add  name="FormsAuthenticationModule"  type="System.Web.Security.FormsAuthenticationModule" />
      <remove  name="UrlAuthorization" />
      <add  name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule"  />
      <remove  name="DefaultAuthentication" />
      <add  name="DefaultAuthentication"  type="System.Web.Security.DefaultAuthenticationModule" />
    </modules>
  </system.webServer>
相关问题
最新问题