Configuring access permissions for files and folders through web.config in an ASP.NET project

Source: Internet
Author: User

Description: During development we often encounter this requirement: a file or folder under the project's root directory may be accessed only after the user logs in. If a user who has not logged in requests that file, or a file in that folder, the request is blocked and redirected to the corresponding login page.

Example 1:

I want users to have to log in before they can access the Admin folder of my program, while other pages need no login; that is, files in the Admin folder refuse anonymous access.

The following is the authentication and authorization configuration in the web.config file under the root directory.

    <system.web>
      <authentication mode="Forms"> <!-- the default is Windows -->
        <forms loginUrl="Admin/Login.aspx" name=".ASPXFORMSAUTH"></forms>
      </authentication>
      <authorization>
        <allow users="*"/> <!-- allow access by any visitor -->
      </authorization>
    </system.web>
    <location path="Admin">
      <!-- Note: it is best to keep this node after </system.web>. Although the two nodes may be far apart in the web.config file, do not be confused. The following is the access permission configuration for the Admin folder. -->
      <system.web>
        <authorization>
          <deny users="?"/> <!-- deny anonymous users -->
        </authorization>
      </system.web>
    </location>

Note that the location section must not contain an <authentication> section. If one is added there, an error such as "It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level" may occur. If you add a configuration file in a subfolder, you must pay attention to the same problem.
In this way, when you directly enter the address of any file under Admin (other than Login.aspx) in the address bar, you will be redirected to the Login.aspx page in the Admin folder.

Then, how does the Login.aspx login page grant authorization (after which the user can access the files in the Admin folder)?

The code-behind of the Login.aspx page:

    // requires: using System.Web.Security;
    // userName and pwd hold the values submitted from the login form.
    // The hard-coded credentials are for demonstration only.
    if (userName == "xzl" && pwd == "000")
    {
        FormsAuthentication.RedirectFromLoginPage(userName, false); // authorization (the key step)
        Response.Redirect("Main.aspx"); // after authorization, the user xzl can access Main.aspx in the Admin folder
    }

After successful authorization, you can use the following code to get the name of the logged-in user:

    // If the login succeeded
    if (User.Identity.IsAuthenticated)
    {
        // Output the login name
        string userName = User.Identity.Name; // get the login name
        // HTML-encode the name before writing it into the page
        Response.Write("Welcome, administrator: " + Server.HtmlEncode(userName) + " logged on!");
    }


Of course, you can also log out securely with the following code:

    System.Web.Security.FormsAuthentication.SignOut();

Example 2:

The method above is "centralized management", that is, the access permissions for all pages are configured in one configuration file. Here we introduce the decentralized management method, that is, configuration through multiple web.config files.

First, we should know two points about the role of web.config:

1. The web.config authorization settings do not take effect for static files such as js and css. Of course, this differs between IIS versions and will not be discussed here.

2. The web.config file in a subdirectory overrides the settings inherited from the parent directory.

Next, create a test project. The project resources are as follows:


The Admin folder in it is protected and can only be accessed by users who have passed identity verification. Therefore, make the following configuration in the web.config file under the root directory:

    <authentication mode="Forms"> <!-- Forms authentication -->
      <forms loginUrl="~/Admin/Login.aspx" name=".ASPX"></forms> <!-- on failure, go to the Login.aspx login page -->
    </authentication>
    <authorization> <!-- authorization: applies to this directory and all resources under it -->
      <allow users="*"/> <!-- allow all users -->
    </authorization>

The configuration above allows anonymous users to access all resources in the root directory and below it, which obviously does not meet our requirements. However, from point 2 above we know that a web.config file in a subdirectory can override the rules inherited from the parent directory. Therefore, we can create a new web.config file in the Admin folder to configure the access authorization rules for the Admin folder, as follows:

    <configuration>
      <system.web>
        <authorization> <!-- authorization -->
          <deny users="?"/> <!-- deny anonymous users -->
        </authorization>
      </system.web>
    </configuration>

In this way, we have configured the project's access rules through "decentralized management".
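The rule evaluation behind Example 1 (a location section) and Example 2 (a nested web.config), as an added Python example that is not part of the original article: rules are collected from the most local configuration outward and the first rule matching the user decides. It is a simplified model that assumes only the users attribute (no roles or verbs) and directory-level location paths, and it does not model the exemption of the loginUrl page; the names rules_for, is_allowed and Default.aspx are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs mirroring Example 1 (<location>) and Example 2 (nested file).
# Keys are directories relative to the application root ("" is the root itself).
EXAMPLE_1 = {"": """<configuration>
  <system.web><authorization><allow users="*"/></authorization></system.web>
  <location path="Admin">
    <system.web><authorization><deny users="?"/></authorization></system.web>
  </location>
</configuration>"""}

EXAMPLE_2 = {
    "": """<configuration><system.web>
      <authorization><allow users="*"/></authorization>
    </system.web></configuration>""",
    "Admin": """<configuration><system.web>
      <authorization><deny users="?"/></authorization>
    </system.web></configuration>""",
}

def rules_for(configs, path):
    """Return (action, users) rules for a request path, most local config first."""
    parts = path.strip("/").split("/")[:-1]           # directories above the file
    dirs = ["/".join(parts[:i]) for i in range(len(parts), -1, -1)]
    docs = {d: ET.fromstring(xml) for d, xml in configs.items()}
    rules = []
    for d in dirs:                                    # deepest directory first
        sources = []
        if d in docs:                                 # web.config stored in that directory
            sources.append(docs[d].find("system.web/authorization"))
        for base, doc in docs.items():                # <location> declared in a config file
            for loc in doc.findall("location"):
                target = "/".join(p for p in (base, loc.get("path", "")) if p)
                if target == d:
                    sources.append(loc.find("system.web/authorization"))
        for authz in sources:
            if authz is not None:
                rules += [(rule.tag, rule.get("users", "")) for rule in authz]
    return rules

def is_allowed(configs, path, user=None):
    """First matching rule wins; user=None models an anonymous request."""
    for action, users in rules_for(configs, path):
        names = [u.strip() for u in users.split(",")]
        if "*" in names or (user is None and "?" in names) or user in names:
            return action == "allow"
    return True                                       # built-in default is allow *
```

Because the first matching rule wins, placing `<allow users="*"/>` before `<deny users="?"/>` in the same authorization section leaves the folder open to anonymous requests.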

Original: http://blog.csdn.net/qingyun1029/article/details/6184723 Category: ASP.NET Technology
