IIS 7.5和授权
问题描述:
我有一个asp.net/silverlight网站,曾经在iis6下工作。我们升级到iis7.5,但我无法正常工作。IIS 7.5和授权
基本上之前,该网站已设置与表单授权和整个网站设置为拒绝所有用户。然后,我设置登录页面,图像和default.aspx文件以便进行恶意访问。都好。
我也有其他文件夹上的角色安全设置。一旦用户登录,他们将获得他们的角色,并且他们能够访问他们有权访问的文件夹。
在7.5中几乎没有任何工作。我已经关注了网络上的所有信息,但无济于事。谁能帮
这里是我的web.config文件
<authentication mode="Forms">
<forms loginUrl="login.aspx" requireSSL="false" timeout="30" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<location path="images">
<system.webServer>
<security>
<authorization>
<add accessType="Allow" users="*" />
</authorization>
</security>
</system.webServer>
</location>
<location path="default.aspx">
<system.webServer>
<security>
<authorization>
<add accessType="Allow" users="*" />
</authorization>
</security>
</system.webServer>
</location>
<location path="www">
<system.webServer>
<security>
<authorization>
<add accessType="Allow" users="*" />
</authorization>
</security>
</system.webServer>
</location>
<location path="manuals/customer">
<system.webServer>
<security>
<authorization>
<add accessType="Allow" users="" roles="man_customer" />
<add accessType="Deny" users="*" />
</authorization>
</security>
</system.webServer>
</location>
<location path="manuals/msa">
<system.webServer>
<security>
<authorization>
<add accessType="Allow" users="" roles="man_msa" />
<add accessType="Deny" users="*" />
</authorization>
</security>
</system.webServer>
</location>
<location path="documents/msa">
<system.webServer>
<security>
<authorization>
<add accessType="Allow" users="" roles="doc_msa" />
<add accessType="Deny" users="*" />
</authorization>
</security>
</system.webServer>
</location>
<location path="documents/admin">
<system.webServer>
<security>
<authorization>
<add accessType="Allow" users="" roles="doc_admin" />
<add accessType="Deny" users="*" />
</authorization>
</security>
</system.webServer>
</location>
<location path="documents/customer">
<system.webServer>
<security>
<authorization>
<add accessType="Allow" users="" roles="doc_customer" />
<add accessType="Deny" users="*" />
</authorization>
</security>
</system.webServer>
</location>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
<remove name="RoleManager" />
<add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
<add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated" />
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</handlers>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="?" />
</authorization>
</security>
<defaultDocument>
<files>
<clear />
<add value="default.aspx" />
</files>
</defaultDocument>
</system.webServer>
的部分当网站启动时,它最初重定向到login.aspx的文件。图像文件夹中的图像不可访问。
答
不知道你是如何在IIS 6上工作的,但是我在IIS 7.5上有类似的运行,并且我的web.config
看起来有点不同。试试这个:
<system.web>
<authentication mode="Forms">
<forms loginUrl="login.aspx" requireSSL="false" timeout="30" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<location path="images">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
很奇怪。我添加了上面的内容并重新开始工作,但角色没有起作用。我将角色改回了iis 7.5版本,他们开始正常工作。非常非常奇怪 –