Use asp.net forms authentication so only logged in users can view website
Login.aspx, passwordrecovery.aspx, and register.aspx should be the only pages accessible for logged in users. I have the following in my webconfig:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" defaultUrl="Login.aspx" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
I have the following in my configuration element of my webconfig:
<location path="images">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="css">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<lo开发者_运维技巧cation path="register.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="passwordrecovery.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
I get an Error: ASP.NET Ajax client-side framework failed to load. alert box when viewing any of the public pages. How do I allow access to the asp.net client-side framework (using the location tags?)?
Check the actual url that is requested. I think those will be the calls to Webresource.axd.
I checked fiddler and added the following:
<location path="Telerik.Web.Ui.WebResource.axd">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Ajax client side framework now loads - error message is gone. For those not using the Telerik controls - I'm sure you can use something similar to:
<location path="WebResource.axd">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
I agree with Greg, put all your public resources in the root and place any protected items in a subfolder.
Ex:
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="subfolderName">
<system.web>
<authorization>
<allow roles="myRole" />
<deny users="*" />
<!-- deny unknown users -->
<deny users="?" />
</authorization>
</system.web>
</location>
精彩评论