Deny access to 'admin' folder in web.config
I am new to ASP.NET, so forgive me if this is simple.
I am trying to deny access to my 'Admin' folder via web.config. I looked at another answer to a similar question and they recommend using the <location> folder, however when I insert "Admin/" into the path I get the following error:
path attribute must be a relative virtual path. It cannot start with any of ' ' '.' '/' or '\'. C:\Personal\Projects\OliverSalon\web.config
I have tried placing "Admin", "/Admin" & "Admin/"
<configuration>
<connectionStrings>
<add name="OliverSalonConnectionString1" connectionString="Data Source=localhost;Initial Catalog=OliverSalon;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="false" targetFramework="4.0" />
<authentication mode="Forms">
<forms name="Oliver" loginUrl="Login.aspx" path="/" timeout="20">
<credentials passwordFormat="Clear">
开发者_如何学C <user name="OliverSalon" password="cuts"/>
</credentials>
</forms>
</authentication>
<authorization >
<deny users="?"/>
</authorization>
</system.web>
<location path="/Admin">
<system.webServer>
<directoryBrowse enabled="false"/>
</system.webServer>
</location>
This is way back from my web form days.
Place a web.config in your admin folder.
The contents should be:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="admin" />
<deny users ="*" />
</authorization>
</system.web>
</configuration>
** EDIT to answer your question If you set the login url the framework will automatically send you to the login page if an unauthorized user tries to access your admin folder.
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="20" slidingExpiration="true" cookieless="AutoDetect" protection="All" requireSSL="false" enableCrossAppRedirects="false" defaultUrl="Default.aspx" path="/"/>
</authentication>
加载中,请稍侯......
精彩评论