web.config中<location>的顺序是否重要？</location>

Question

我已将FormAuthentication设置为我的网站。

我想允许匿名访问“登录”页面及其资源（js，css，images）。

我已添加到web.config。订单有关系吗？

<configuration>
  <configSections>
    <section name="hibernate-configuration"  
             type="NHibernate.Cfg.ConfigurationSectionHandler, NHibernate" />
    <section name="log4net" 
             type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />
  </configSections>
  <appSettings>
    <add key="webpages:Version" value="1.0.0.0" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <location path="~/Authentication.htm">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="~/Resources">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="~/js">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="~/Images">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="~/Controllers">
    <system.web>
      <authorization>
         <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        .....
      </assemblies>
    </compilation>
    <authentication mode="Forms">
      <forms name="Login" loginUrl="~/Authentication.htm"
             protection="All" path="/" timeout="30" />
    </authentication>
    <authorization>
       <deny users ="?" />
       <allow users = "*" />
    </authorization>

为什么我仍然会在添加到？

的路径中收到身份验证错误

Authentication.htm?ReturnUrl=%2fResources%2fScripts%2fjquery-1.7.1.min.js:1Uncaught SyntaxError: Unexpected token <

Authentication.htm?ReturnUrl=%2fjs%2fCommon.js:1Uncaught SyntaxError: Unexpected token <

Authentication.htm?ReturnUrl=%2fjs%2fAuthentication.js:1Uncaught SyntaxError: Unexpected token <

Answer 1

您的root设置会拒绝所有未经身份验证的用户（?），并且您的位置设置会拒绝所有用户（*）。

您可能打算这样做：

<!-- web application root settings -->
<authorization>
   <deny users ="?" />
</authorization>

<!-- login and static resources -->
<location path="~/Images">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>

Answer 2

顺序的确很重要，如果你有重复的元素，只会考虑最后一个元素。