Using web.config directory security and extensionless urls
I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows:
- Members
- Members/News
- Members/Press
- Members/Movies
Users should be able to have access to the members parent page, but not child pages. My proble开发者_StackOverflow社区m is, because I am using extensionless URLs, the web.config thinks this is a directory and so access is blocked. Is there a way to say only restrict access for sub pages?
This configuration should do the trick. It is enabling anonymous access for the entire website, except for the additional locations - they need an authenticated user to work.
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login" defaultUrl="Members" />
</authentication>
<authorization>
<allow users="?" />
</authorization>
</system.web>
<location path="Members/News">
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Members/Press">
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Members/Movies">
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
精彩评论