问题
I would like to deny anonymous users access to the folder 'test' but exclude and allow access to a file 'webform1' inside the test folder. Why does this not work?
<location path="test">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="test/webform1">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
Here is a link to a sample webforms project https://github.com/uselesshasid/StackOverflow_Question_38597397
回答1:
This is probably a bug in asp.net, with the way it handles authorization when friendly url's are used.
I changed the web.config to define by versions of the file url, and it works.
<location path="test/webform1">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="test/webform1.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
来源:https://stackoverflow.com/questions/38597397/deny-access-to-folder-but-allow-access-to-a-file-inside-that-folder