开发者

ASP.MVC :Web.Config and Authorize attribute

问答 作者:

I have an AdminController protected by an Authorize attribute like this

[Authorize(Roles = "Admin")]
public class AdminController :  BaseController
{
.....
}

And I have in my web.config this security location section

<location path="admin">
   <system.webServer>
       <security>
          <authorization>
            <remove users="*" roles="" verbs="" />
            <add accessType="Allow" roles="Admin" />
          </authorization>
       </security>
   </system.webServer>
</location>

If I remove the web config section, everything works perfectly and only Admin can access Admin actions With the section in, I am alwa开发者_JAVA技巧ys redirected to my login page

However, I need the web.config section because I have some static files on the Admin folder that I want to be protected and accessed only by Admin role

What's wrong with my web.config Thanks

easiest way is to add a new web config file to the admin section

<?xml version="1.0"?>
<configuration>
    <system.web>     
        <authorization>
          <deny users="*" />
          <allow roles="Admin" />   
       </authorization>
    </system.web>
</configuration>

继续阅读:asp.net-mvc-2

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9