当我将文件重命名为.aspx时,我将提示登录表单
我没有什么好奇心我有一个非常简单的登录脚本,它应该只是重定向到index.html之后。
有什么建议么?总而言之,整个网站正在使用HTML(现在),需要受到密码保护。
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="~/login.aspx" defaultUrl="index.html" protection="All" timeout="525600">
<credentials passwordFormat="Clear">
<user name="[user]" password="[password]" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
解决方法
Onces ASP.NET正在为这些文件提供服务,您可以像任何aspx页面一样为其指定权限。
有关更多信息,请参阅MSDN:
By default,IIS processes static
content itself – like HTML pages and
CSS and image files – and only hands
off requests to the ASP.NET runtime
when a page with an extension of
.aspx,.asmx,or .ashx is requested.IIS 7,however,allows for integrated
IIS and ASP.NET pipelines. With a few
configuration settings you can setup
IIS 7 to invoke the
FormsAuthenticationModule for all
requests. Furthermore,with IIS 7 you
can define URL authorization rules for
files of any type. For more
information,see Changes Between IIS6
and IIS7 Security,Your Web Platform
Security,and Understanding IIS7 URL
Authorization.Long story short,in versions prior to IIS 7,you can only use forms authentication to protect resources handled by the ASP.NET runtime. Likewise,URL authorization rules are only applied to resources handled by the ASP.NET runtime. But with IIS 7 it is possible to integrate the FormsAuthenticationModule and UrlAuthorizationModule into IIS’s HTTP pipeline,thereby extending this functionality to all requests.
