我正在按照以下教程为我的经典asp.net网站创建安全性,并且我是安全新手。
http://csharp-video-tutorials.blogspot.com/2012/12/forms-authentication-using-user-names.htmlhttps://www.youtube.com/watch?v=AoRWKBbc6QI&list=PL6n9fhu94yhXQS_p1i-HLIftB9Y7Vnxlo&index=90
由于webconfig中的以下几行,我什至无法运行登录页面:
<authorization>
<deny users="?"/>
</authorization>
嗯,我认为这不应该应用于登录页面,因为它是使用LoginUrl特性定义的,如下所示:
<forms loginUrl="Login.aspx" timeout="30" defaultUrl="Disclaimer.aspx" protection="All">
因此,我的应用程序的启动页面被定义为Login.aspx,当该应用程序在Visual Studio ide中运行时,它抱怨“访问被拒绝”。
我的登录页面目前不需要任何代码。即使删除所有代码,我也无法运行启动页面本身,因为访问被拒绝,即使它是启动登录页面也是如此。
我的webconig就是这样(大多数代码已生成,只有我在'XXXXXXXX'中添加了代码)
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
https://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.7.2"/>
<!--XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-->
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="30" defaultUrl="Disclaimer.aspx" protection="All">
<credentials passwordFormat="Clear">
<user name="Venkat" password="Venkat"/>
<user name="Pragim" password="Pragim"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<!--XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-->
<httpRuntime targetFramework="4.7.2"/>
<pages>
<namespaces>
<add namespace="System.Web.Optimization"/>
</namespaces>
<controls>
<add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt"/>
</controls>
</pages>
</system.web>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f"/>
<bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed"/>
<bindingRedirect oldVersion="0.0.0.0-11.0.0.0" newVersion="11.0.0.0"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35"/>
<bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930"/>
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs"
type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701"/>
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"
type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\"Web\" /optionInfer+"/>
</compilers>
</system.codedom>
</configuration>
尝试允许访问您的登录页面。
<location path="~/folderpath/Login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>