Access permissions for files and folders via Web.config in ASP.NET

Source: Internet
Author: User

Description: In development we often run into this situation: a file or folder in the project root should be accessible only after the user logs in. If a user requests that file, or a file under that folder, without logging in, the request is intercepted and redirected to the login page.

Example one:

I want users to be logged in when they access pages under the Admin folder of my program, but not when they access other pages. In other words, files under the Admin folder deny anonymous access.

The following is the authorization configuration in the Web.config file in the root directory.

    <system.web>
      <authentication mode="Forms"><!-- the default mode is Windows -->
        <forms loginUrl="admin/login.aspx" name=".ASPXFORMSAUTH"></forms>
      </authentication>
      <authorization>
        <allow users="*"/><!-- allows any visitor to access -->
      </authorization>
    </system.web>
    <location path="Admin"><!-- Note: it is best to place this node right after </system.web>. The two nodes may end up far apart in Web.config; don't let that confuse you. The following configures access to the Admin folder. -->
      <system.web>
        <authorization>
          <deny users="?" /><!-- block anonymous user access -->
        </authorization>
      </system.web>
    </location>

Note that the location section does not need an <authentication> section. If one is added, ASP.NET reports the error "It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level". If you add a configuration file in a subfolder, watch for the same problem. With this configuration, when you request any file under Admin other than login.aspx directly from the address bar, you are redirected to the Login.aspx page under the Admin folder.
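An added example, not part of the original article: a small Python model of how URL authorization resolves the rules above (the most specific scope is checked first, and the first matching rule wins), run against a constructed copy of the Example one configuration and a constructed misordered variant. The names norm, rules_for, is_allowed and MISORDERED are illustrative, and the model ignores the roles and verbs attributes.

```python
import xml.etree.ElementTree as ET

# Constructed sample: Example one's configuration with well-formed tags.
WEB_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="admin/login.aspx" name=".ASPXFORMSAUTH" />
    </authentication>
    <authorization><allow users="*" /></authorization>
  </system.web>
  <location path="Admin">
    <system.web>
      <authorization><deny users="?" /></authorization>
    </system.web>
  </location>
</configuration>"""

# Constructed mistake: an allow-all rule placed before the deny rule.
MISORDERED = WEB_CONFIG.replace('<deny users="?" />',
                                '<allow users="*" /><deny users="?" />')

def norm(path):
    """Compare paths without "~", slashes or case."""
    return path.lstrip("~").strip("/").lower()

def rules_for(root, url_path):
    """Rules in evaluation order: most specific <location> first, root last."""
    scopes = [(norm(loc.get("path", "")), loc) for loc in root.findall("location")]
    scopes.append(("", root))
    url = norm(url_path)
    hits = [s for s in scopes if s[0] == "" or url == s[0] or url.startswith(s[0] + "/")]
    hits.sort(key=lambda s: len(s[0]), reverse=True)
    return [(rule.tag, rule.get("users", ""))
            for _, node in hits
            for rule in node.findall("system.web/authorization/*")]

def is_allowed(config_xml, url_path, user=None):
    """First matching rule wins; user=None models an anonymous request."""
    root = ET.fromstring(config_xml)
    forms = root.find("system.web/authentication/forms")
    if forms is not None and norm(forms.get("loginUrl", "")) == norm(url_path):
        return True  # the forms login page is always reachable
    for action, users in rules_for(root, url_path):
        names = [u.strip() for u in users.split(",")]
        if "*" in names or ("?" in names and user is None) or user in names:
            return action == "allow"
    return True  # assumption: machine-level default of <allow users="*"/>
```

With MISORDERED, an anonymous request to Admin/main.aspx is allowed because the allow rule matches before the deny rule is ever reached, which is why deny rules belong first within a scope.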

So how does the Login.aspx login page grant authorization (after which the user can access the files under the Admin folder)?

The code-behind of the Login.aspx page:

    // Requires: using System.Web.Security;
    if (UserName == "Xzl" && pwd == "$")
    {
        FormsAuthentication.RedirectFromLoginPage(UserName, false); // Authorization (this is the key step)
        Response.Redirect("main.aspx"); // With the authorization above, the user named Xzl can access main.aspx under the Admin folder.
    }

After successful authorization through the above method, you can read the logged-in user name with the following code:

    // If the login succeeded
    if (User.Identity.IsAuthenticated)
    {
        // Output the login name
        string userName = User.Identity.Name; // Get the login name
        // HTML-encode the name before writing it into the page
        Response.Write("Welcome Administrator:" + Server.HtmlEncode(userName) + "Login!  ");
    }


Of course, the user can also be signed out securely in code:

    System.Web.Security.FormsAuthentication.SignOut();



Example two:

The approach above is "centralized management": the access rights of all pages are configured in a single configuration file. Here is another, decentralized way to manage them: configuring file access permissions through multiple Web.config files.

First, we should know two things about how Web.config works:

1. The settings in a Web.config apply to the resources in its directory and in all subdirectories. This generally means .NET resources such as aspx, ashx and ascx; the settings do not apply to html, js, css and so on. This depends on the IIS version, which is not discussed here.

2. A Web.config file in a subdirectory overrides the settings inherited from the parent directory.

Next, we create a new test project with project resources such as:

The Admin folder in it is protected and is accessible only to authenticated users, so we configure the following in the Web.config file in the root directory:

    <authentication mode="Forms"><!-- Forms authentication -->
      <forms loginUrl="~/admin/login.aspx" name=".ASPX"></forms><!-- unauthenticated requests are redirected to the login.aspx login page -->
    </authentication>
    <authorization><!-- authorization: applies to this directory and all resources below it -->
      <allow users="*"/><!-- allows all users to access -->
    </authorization>

The configuration above lets anonymous users access the root directory and every resource under it, which obviously does not meet our requirement. But from the second of the two points above, we know that a Web.config in a subdirectory can override the rules provided by the parent directory. So we create a new Web.config file in the Admin folder to configure the access authorization rules for that folder, as follows:

    <configuration>
      <system.web>
        <authorization><!-- authorization -->
          <deny users="?" /><!-- block anonymous user access -->
        </authorization>
      </system.web>
    </configuration>

In this way, we have configured access rules for the project through "decentralized management".
