在我的Admin文件夹的根目录中,我在web.config中有以下内容:
<system.webServer> <security> <authorization> <remove users="*" roles="" verbs="" /> <add accessType="Allow" users="" roles="Admin" /> </authorization> </security> </system.webServer>这几乎是从IIS文档逐字逐句,但我将角色更改为“管理员”而不是“管理员”,因为这是我的应用程序中的角色。
我确保ASP.NET UrlAuthorization模块没有通过我的根web.config的modules元素中的<remove name="UrlAuthorization" />运行。 我刚刚安装了IIS7 UrlAuthorization,所以我知道它正在运行。
问题是即使我明确允许管理员角色并且已经验证我的管理员用户已登录,管理员也会收到未经授权的错误。 我有什么误会?
请注意,自从我开始编写这些问题以来,我解决了我明确枚举每个不允许的角色并删除remove users="*" ,但我不知道它为什么会起作用。
In the root of my Admin folder, I have the following in my web.config:
<system.webServer> <security> <authorization> <remove users="*" roles="" verbs="" /> <add accessType="Allow" users="" roles="Admin" /> </authorization> </security> </system.webServer>This is almost verbatim from IIS documentation, but I changed the role to be "Admin" instead of "Administrators",because that's the role in my app.
I have ensured that the ASP.NET UrlAuthorization module is not running via a <remove name="UrlAuthorization" /> in the modules element of my root web.config. I just installed IIS7 UrlAuthorization, so I know it is running.
The problem is that even though I explicitly allow the Admin role and have validated my Admin user is logged in, the Admin gets an unauthorized error. What am I misunderstanding?
Note, since I started writing this questions, I resolved the issue my explicitly enumerating every disallowed role and removing the remove users="*", but I don't know why it worked.
最满意答案
看起来不会有这样的答案。 但是,如果其他人遇到同样的问题,我最终不得不改变我的方法并从ASP.NET管道外部管理安全性。
It doesn't look like there's going to be an answer to this. But in case anyone else runs across the same issue, I ended up having to change my approach and manage security externally from the ASP.NET pipeline.
更多推荐
Admin,UrlAuthorization,users,IIS,电脑培训,计算机培训,IT培训"/> <meta name=&q
发布评论