Allowing anonymous access to default page

2019-02-02 16:21发布

站内问答 / 前沿技术
1385 4 4

My ASP.NET Forms 4.0 site is running with forms authentication. By default unauthorized users are denied, and then I allow access to certain pages. I have a problem allowing access to the default url: http:/example.com. I have this entry in web.config that defines default page:

<defaultDocument>
    <files>
        <clear/>
        <add value="default.aspx" />
    </files>
</defaultDocument>

and I have this location override: 

<location path="default.aspx">
    <system.web>
        <authorization>
            <allow users="?"/>
        </authorization>
    </system.web>
</location>

It works OK when I go to the full url: http://example.com/default.aspx, but redirects to the login page if I go to http://example.com

Any ideas what am I doing wrong?

4条回答
地球回转人心会变
2楼-- · 2019-02-02 16:43

I didn't like making a code change for this issue, especially because my site was working fine on my Windows Server 2008 R2 machine, but not on my Windows 7 SP1 development machine.

It turns out that the root cause of this issue is an update in Service Pack 1 for Windows 7:

http://support.microsoft.com/kb/2526854

The solution appears to be to disable the new "ExtensionlessUrl" feature that was added in SP1:

<system.webServer>

  <handlers>
    <remove name="ExtensionlessUrl-ISAPI-4.0_32bit" />
    <remove name="ExtensionlessUrl-ISAPI-4.0_64bit" />
    <remove name="ExtensionlessUrl-Integrated-4.0" />
  </handlers>

  <validation validateIntegratedModeConfiguration="false" />

</system.webServer>

Obviously if you're using the ExtensionlessUrl feature this won't work for you, but I've documented it here for those migrating a legacy site and are wondering what has suddenly gone wrong.

查看更多
0人赞 添加讨论(0) 举报
聊天终结者
3楼-- · 2019-02-02 16:48

I've just figured out how to solve this without having to fudge a redirection.

If just happened to me after converting from .Net 2 to .Net 4 and I've never found my solution anywhere on the internet so here goes.

If like me your login page is also your default page you need to make sure you do the following two things in the web.config file

Add this to exempt to default.aspx from authentication (didn't need this in .Net 2)

<location path="default.aspx">
     <system.web>
         <authorization>
             <allow users="*" />
         </authorization>
     </system.web>
 </location>

And change the login url from this

<forms name="myform" loginUrl="~/default.aspx" timeout="240" defaultUrl="~/home.aspx"  slidingExpiration="true" protection="All" path="/" />

to this

<forms name="myform" loginUrl="~/" timeout="240" defaultUrl="~/home.aspx" slidingExpiration="true" protection="All" path="/" />

and you should fine it all work nows, just tried it out on two different sites and it did the trick for me

查看更多
0人赞 添加讨论(0) 举报
小情绪 Triste *
4楼-- · 2019-02-02 16:54

I just found answer in a response (by Dmitry) to a similar question here in SO: Forms Authentication Ignoring Default Document:

In Global.asax, method: Application_BeginRequest, place the following:

if (Request.AppRelativeCurrentExecutionFilePath == "~/")
    HttpContext.Current.RewritePath("default.aspx");

Worked like charm!

查看更多
0人赞 添加讨论(0) 举报
Summer. ? 凉城
5楼-- · 2019-02-02 16:55

This works for me in a test web app:

<location path="">
    <system.web>
        <authorization>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

<location path="Default.aspx">
    <system.web>
        <authorization>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

Now I can't get to either "/" or "/Default.aspx" - give that a try (but use allow instead).

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)