Question

我正在使用IIS7的认证表格,通过密码保护一个杰夫网站,但当网站仅包含static RUSfile +login.aspx + web.config时,认证似乎被绕过。

When I renamed the files to .aspx, I am prompted with the login form I am not doing anything fancy. I have a very simple login script and it should just redirect to index.html afterward.

任何建议? 总之,整个网站(现在)使用超文本,需要密码保护。

<authentication mode="Forms">
  <forms name="appNameAuth" path="/" loginUrl="~/login.aspx" defaultUrl="index.html" protection="All" timeout="525600">
    <credentials passwordFormat="Clear">
      <user name="[user]" password="[password]" />
    </credentials>
  </forms>
</authentication>
<authorization>
  <deny users="?" />
</authorization>

Answer 1

在IIS7中,如果你想保护*.html或*.htm 档案(或其他非网络延伸)的认证表格,那么在您的网站上添加以下内容:

<compilation>
    <buildProviders>
        <add extension=".html" type="System.Web.Compilation.PageBuildProvider" />
        <add extension=".htm" type="System.Web.Compilation.PageBuildProvider" />
    </buildProviders>
</compilation>

<system.webServer>
     <handlers>
         <add name="HTML" path="*.html" verb="GET, HEAD, POST, DEBUG"   type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" />
         <add name="HTM" path="*.htm" verb="GET, HEAD, POST, DEBUG" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" />
     </handlers>
</system.webServer>

Answer 2

为使超文本档案被您的批评形式束缚下来,你需要由协会提供服务。 NET。您可以通过将您所需要的延期(例如:html、htm等)与印本-比萨本(dll)联系起来,来做到这一点。

一度是伙伴关系。 NET正在为这些档案提供服务,你可以像任何象页一样,明确准许这些档案。

详情见。 MSDN :

By default, IIS processes static content itself - like HTML pages and CSS and image files - and only hands off requests to the ASP.NET runtime when a page with an extension of .aspx, .asmx, or .ashx is requested.

IIS 7, however, allows for integrated IIS and ASP.NET pipelines. With a few configuration settings you can setup IIS 7 to invoke the FormsAuthenticationModule for all requests. Furthermore, with IIS 7 you can define URL authorization rules for files of any type. For more information, see Changes Between IIS6 and IIS7 Security, Your Web Platform Security, and Understanding IIS7 URL Authorization.

Long story short, in versions prior to IIS 7, you can only use forms authentication to protect resources handled by the ASP.NET runtime. Likewise, URL authorization rules are only applied to resources handled by the ASP.NET runtime. But with IIS 7 it is possible to integrate the FormsAuthenticationModule and UrlAuthorizationModule into IIS s HTTP pipeline, thereby extending this functionality to all requests.

Answer 3

尽管这是一个老的问题,但我认为,在普拉多的回答中,这一联系确实有用。以下是适用于国际空间法研究所7的概述。

在以下网站:web.config, 增加或修改<handlers><system.webServer>:

<handlers>
  <add name="HTML" path="*.html" verb="GET,HEAD,POST,DEBUG" modules="IsapiModule" scriptProcessor="%windir%Microsoft.NETFrameworkv2.0.50727aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" />
</handlers>

替换<代码>。代表: 具有正确环境价值。

然后添加或修改<代码><compilation>和<http://Handlers> under <system.web>:

<compilation debug="false" strict="false" explicit="true">
  <buildProviders>
    <!--Add below so .html file will be handled by ASP.NET (for use of Forms Authentication)-->
    <add extension=".html" type="System.Web.Compilation.PageBuildProvider" />
  </buildProviders>
</compilation>
<httpHandlers>
  <!--Add below so .html file will be handled by ASP.NET (for use of Forms Authentication)-->
  <add verb="GET, HEAD, POST, DEBUG" path="*.html" type="System.Web.UI.PageHandlerFactory" />
</httpHandlers>

替换<代码>。页: 1

你还可以包括按 com子分列的更多延期,

Answer 4

I ve solved the same problem a few days ago, by following the post by fr33m3 @ 11-21-2007, 3:19 PM on this thread: http://forums.asp.net/t/1184547.aspx follow all the steps from 2. to 5. and you re done!

希望这将有助于我。

友情链接