Deny access to 'admin' folder in web.config

前端未结

关注

 1  541

时光取名叫无心

I am new to ASP.NET, so forgive me if this is simple.

I am trying to deny access to my \'Admin\' folder via web.config. I looked at another answer to a similar ques

相关标签:

1条回答

醉话见心

2020-12-05 08:24

This is way back from my web form days.

Place a web.config in your admin folder.

The contents should be:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <authorization>
          <allow roles="admin" />
          <deny users ="*" />
        </authorization>
    </system.web>
</configuration>

** EDIT to answer your question If you set the login url the framework will automatically send you to the login page if an unauthorized user tries to access your admin folder.

        <authentication mode="Forms">
            <forms loginUrl="Login.aspx" timeout="20" slidingExpiration="true" cookieless="AutoDetect" protection="All" requireSSL="false" enableCrossAppRedirects="false" defaultUrl="Default.aspx" path="/"/>
</authentication>

0 讨论(0)