1

我在 asp.net 上的作业有问题。我想问一下,除非我在 web config 中指定了对页面的访问权限,否则有什么方法可以阻止任何用户(包括经过身份验证的用户)访问新创建的 web 表单?

我尝试使用

<deny users="*">

但它拒绝所有用户访问任何页面,即使是我已经指定访问权限的页面,例如:

<location path="home.aspx">
4

2 回答 2

2

这是一篇不错的文章,示例在MS Support上

  <configuration>
        <system.web>
            <authentication mode="Forms" >
                <forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
                </forms>
            </authentication>
    <!-- This section denies access to all files in this 
    application except for those that you have not explicitly 
    specified by using another setting. -->
            <authorization>
                <deny users="?" /> 
            </authorization>
        </system.web>
    <!-- This section gives the unauthenticated 
    user access to the ThePageThatUnauthenticatedUsersCanVisit.aspx 
    page only. It is located in the same folder 
    as this configuration file. -->
            <location path="ThePageThatUnauthenticatedUsersCanVisit.aspx">
            <system.web>
            <authorization>
                <allow users ="*" />
            </authorization>
            </system.web>
            </location>
    <!-- This section gives the unauthenticated 
    user access to all of the files that are stored 
    in the TheDirectoryThatUnauthenticatedUsersCanVisit folder.  -->
            <location path="TheDirectoryThatUnauthenticatedUsersCanVisit">
            <system.web>
            <authorization>
                <allow users ="*" />
            </authorization>
            </system.web>
            </location>
    </configuration>
于 2013-01-05T05:53:20.880 回答
0

这应该可以帮助您:

<location path="FolderName/pagename.aspx">
        <system.web>
            <authorization>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>
于 2013-01-05T07:19:55.297 回答