开发者

Using web.config directory security and extensionless urls

I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows:

  • Members
  • Members/News
  • Members/Press
  • Members/Movies

Users should be able to have access to the members parent page, but not child pages. My proble开发者_StackOverflow社区m is, because I am using extensionless URLs, the web.config thinks this is a directory and so access is blocked. Is there a way to say only restrict access for sub pages?


This configuration should do the trick. It is enabling anonymous access for the entire website, except for the additional locations - they need an authenticated user to work.

<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms loginUrl="Login" defaultUrl="Members" />
        </authentication>
        <authorization>
            <allow users="?" />
        </authorization>
    </system.web>

    <location path="Members/News">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    <location path="Members/Press">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    <location path="Members/Movies">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

</configuration>
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜