ASP.NET Authentication with Roles in IIS7 Integrated Mode for Static Content

那年仲夏 提交于 2019-12-21 20:33:02

问题


I am experimenting with the integrated authentication mode for static content in IIS7. I followed the instructions in this article: http://aspnet.4guysfromrolla.com/articles/122408-1.aspx It is working fine if I allow/deny access by login status (like in the article). However I want to allow/deny access based on roles (using the ASP.NET built in Roles Provider). When I put an allow rule for the role "Admin" in the web.config and deny rule for all other users I am not able to access the static files even when I login as an admin. The same folder contains non-static content (aspx pages) that are accessed just fine based on the Role Provider information.

Any ideas?


回答1:


Try adding the following to your <system.webServer> <modules> block:

<configuration>
  <system.webServer>
    <modules>
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
      <remove name="RoleManager" />
      <add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
    </modules>
  </system.webServer>
</configuration>

The RoleManager bit is key, and it's not included in any of the online examples that I could find. Without that, the user's role membership isn't initialized for static content, so role-based authorization will always fail.

(Disclaimer: I've pieced this together myself based on my limited understanding of IIS, but it seems to work.)

Edit (in response to your comment): Sorry, I don't know much about how RoleManager depends on other modules. You can view the default IIS configuration by looking at c:\Windows\System32\inetsrv\config\applicationHost.config (at least, that's the past on my Windows Vista machine) to see the order in which modules are loaded (note the use of managedHandler by default to restrict RoleManager to non-static content), and MSDN covers RoleManagerModule along with the rest of the modules in the System.Web.Security namespace, so you could probably find what you need there.




回答2:


I would say the most likely culprit is that the static files are not being processed by ASP.NET but being left up to IIS.

Does it work if you add a wildcard script mapping?



来源:https://stackoverflow.com/questions/991045/asp-net-authentication-with-roles-in-iis7-integrated-mode-for-static-content

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!