Web配置允许用户不工作

时间:2016-04-01 02:32:03

标签: asp.net

我在表单身份验证的网站上的网络配置文件中有以下内容,但它不允许用户导航到该页面,除非他们登录。

<configuration>
  <connectionStrings>
    <remove name="******"/>
    <add name="*******" *******"/>
    <add name="*****" *******"/>
  </connectionStrings>
 <location path="About.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

ASP.net网站形成4个网站。注意***隐藏原始数据

1 个答案:

答案 0 :(得分:1)

您的问题不明确。但是再次通过添加此行启用身份验证

<system.web>
    <!--Session state Time Out-->
    <sessionState timeout="60" /> 
    <!--My authontication module-->
    <authentication mode="Forms">
      <forms name="PROJECTNAME.ASPXAUTH" loginUrl="~/Login.aspx" protection="All" path="/" timeout="60"/>
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization> 
</system.web>

它将保护Web应用程序。如果要访问任何特定文件夹,则创建一个文件夹并添加Web.config文件。并在web.cofig文件中

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization>
        <!--Defualt access grant sa=11,admin=12-->
        <allow roles="admin"/>
        <!--Order and case are important below-->

        <deny users="*"/>
      </authorization>
    </system.web>
</configuration>  

阻止 admin

以外的角色用户访问

并通过

创建角色
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                       1, // Ticket version
                       Convert.ToString(user.UserID), // Username associated with ticket
                       DateTime.Now, // Date/time issued
                       DateTime.Now.AddMinutes(60), // Date/time to expire
                       false, // "true" for a persistent user cookie
                       Convert.ToString(user.RoleID), // User-data, in this case the roles
                       FormsAuthentication.FormsCookiePath);// Path cookie valid for

                    // Encrypt the cookie using the machine key for secure transport
                    string hash = FormsAuthentication.Encrypt(ticket);
                    HttpCookie cookie = new HttpCookie(
                       FormsAuthentication.FormsCookieName, // Name of auth cookie
                       hash); // Hashed ticket

                    // Set the cookie's expiration time to the tickets expiration time
                    if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

                    // Add the cookie to the list for outgoing response
                    Response.Cookies.Add(cookie);