我在表单身份验证的网站上的网络配置文件中有以下内容,但它不允许用户导航到该页面,除非他们登录。
<configuration>
<connectionStrings>
<remove name="******"/>
<add name="*******" *******"/>
<add name="*****" *******"/>
</connectionStrings>
<location path="About.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
ASP.net网站形成4个网站。注意***隐藏原始数据
答案 0 :(得分:1)
您的问题不明确。但是再次通过添加此行启用身份验证
<system.web>
<!--Session state Time Out-->
<sessionState timeout="60" />
<!--My authontication module-->
<authentication mode="Forms">
<forms name="PROJECTNAME.ASPXAUTH" loginUrl="~/Login.aspx" protection="All" path="/" timeout="60"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
它将保护Web应用程序。如果要访问任何特定文件夹,则创建一个文件夹并添加Web.config文件。并在web.cofig文件中
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<!--Defualt access grant sa=11,admin=12-->
<allow roles="admin"/>
<!--Order and case are important below-->
<deny users="*"/>
</authorization>
</system.web>
</configuration>
阻止 admin
以外的角色用户访问并通过
创建角色FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Ticket version
Convert.ToString(user.UserID), // Username associated with ticket
DateTime.Now, // Date/time issued
DateTime.Now.AddMinutes(60), // Date/time to expire
false, // "true" for a persistent user cookie
Convert.ToString(user.RoleID), // User-data, in this case the roles
FormsAuthentication.FormsCookiePath);// Path cookie valid for
// Encrypt the cookie using the machine key for secure transport
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(
FormsAuthentication.FormsCookieName, // Name of auth cookie
hash); // Hashed ticket
// Set the cookie's expiration time to the tickets expiration time
if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;
// Add the cookie to the list for outgoing response
Response.Cookies.Add(cookie);