Web.config allow location access for specific user

后端未结

关注

 5  1064

悲哀的现实 2020-12-31 13:30

I have a webserver from where users can download files that are specific for each user. To be sure each user can only download its own files they must authenticate via

5条回答

清酒与你 (楼主)

2020-12-31 14:13
Update #3

You can enable URLAuthorization to force IIS to protect files that aren't normally processed in IIS. The solution here depends on IIS 7.x and using Integrated pipelines.
```
    
        
        
        
        
        
    
```
Updated #2 You can switch entirely to Forms authentication only by removing the custom things you've added and do the following.

I've actually tested this and it only allows jack in to dir1 and jill in dir2. Both can access the root.

If this doesn't work, we'll need to discuss more of your setup.

web.config
```
    
        
        
        
        
        
    

    
        
            
                
                    
                    
                
            
        
        
            
        
        
        
    
    
        
            
                
                
            
        
    
    
        
            
                
                
            
        
    
```
Login.aspx - You must add in the redirect from the Login control because otherwise Forms authentication will look for a database in the App_Code directory, which doesn't exist.
Login.aspx.cs
```
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        string username = Login1.UserName;
        string password = Login1.Password;
        if (FormsAuthentication.Authenticate(username, password))
        {
            FormsAuthentication.RedirectFromLoginPage(username, false);
        }
    }
```
Update #1

I went through the example that you linked as Custom Basic Authentication HTTP Module and then followed through to The HTTP Module which has a link at the very bottom to additional source.

This source has a membership provider example using the custom basic authentication. I feel like you're running in to troubles by mixing in the Forms membership provider that you have in your web.config.

When you start to make your own separate authentication, things don't go nicely and you usually need to add in your own everything.

This code works from that additional link on my end.

As an added possibility, if you would like to let ASP.NET handle all of the membership itself and you are using SQL to store everything, consider looking at http://weblogs.asp.net/sukumarraju/archive/2009/10/02/installing-asp-net-membership-services-database-in-sql-server-expreess.aspx to see how to use the wizard to set it up in SQL.

The built in membership will be Forms authentication and be a lot less work than using custom.

Previous Version

I've never had luck with using the tags so I just put new web.configs in the directories. I've also had troubles when I don't exclude anonymous in sub folders as well. This seems to be that the browser will default to anonymous which will get through

Here is how I do it.

Root web.config
```
    
        
         
    
```
Sub directory web.config. Make sure you explicitly deny all other users. If you don't deny all other users, they can still get in.
```
    
        
            
             
        
    
```
0 讨论(0)

查看其它5个回答
发布评论:

提交评论
- 加载中...