我有一个启用了Windows身份验证的web应用程序,但我想启用对某些路径的匿名访问。
有没有一种方法可以从web.config中做到这一点?
像这样的东西。(在web.config中添加此项会引发错误,我无法覆盖它(
<location path="/dir/path">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
当前web.config
<system.web>
<compilation defaultLanguage="c#" explicit="true" debug="false">
</compilation>
<customErrors mode="On" />
<authentication mode="Windows" />
<identity impersonate="false" />
<authorization>
<allow users="*" />
</authorization>
<webServices>
<protocols>
<remove name="HttpPost" />
<remove name="HttpGet" />
</protocols>
</webServices>
</system.web>
<location path="_user/pages">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
我一直在为一个完全落后于身份验证的应用程序的NotAuthorized
视图使用它。
<system.webServer>
<authorization>
<allow roles="NormalUser, Admin" />
<deny users="*" />
</authorization>
</system.webServer>
<location path="NotAuthorized">
<system.webServer>
<authorization>
<allow users="*" />
</authorization>
</system.webServer>
</location>
更改为IIS 6 的<system.web>
<location path="MyController/MyAction">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
如需澄清,请查看@http://msdn.microsoft.com/en-us/library/system.web.http.allowanonymousattribute(v=vs.108(.aspx