Home>

There may be many friends who do not pay attention to such problems like me.In asp.net, using its own access authentication function (form authentication, passport authentication, windows authentication), it does not restrict access to static files (such as html, image files, text files, etc.)Even if these files are placed in a folder that requires authentication,Anonymous users can still access these files.This is because static files are processed by IIS by default. After receiving a request for these files, IISIt is not forwarded to asp.net for processing, so permission verification in asp.net has no effect.in other words,These files are not under the jurisdiction of asp.net.

So how do you put these files under the jurisdiction of asp.net?Take the html file as an example.The easiest way is to change the suffix of the html file to aspx. This method is very simple.Also considered practical,But it's not formal.Another method is to set up for IIS.Let iis transfer the processing rights of the html file to asp.net. The settings are as follows:

(1) Open iis, find the asp.net application you need to set up,Open the properties dialog.

(3) In the Correspondence tab,Click the "Add" button to add the correspondence between the suffix of .htm and the processing program.Specific settings can refer to the settings of .aspx.

Once set up,Revisiting the html file located in the directory that needs to be authenticated will take you to the login page to prompt the user to log inThe access verification has taken effect.But it hasn't been completed yet.Because after logging in,htm file error.This involves a problem with httphandler, because for asp.net this is equivalent to enabling a new file type,There is no corresponding handler.Therefore, you need to change the settings of web.config, register a new handler,For html files, we can use handlers for aspx files,So the settings are as follows:

<system.web>
...
<httphandlers>
...
<!-Add handler for files with suffix htm,Here's the handler for the aspx file->
<add verb="*" path="*. Htm" type="system.web.ui.pagehandlerfactory" />
</httphandlers>
...
</system.web>

Visit again,This time it was a compilation error,Because the corresponding compiler for the htm file is missing,Modify web.config again:

<system.web>
<compilation>
...
<!-Set the compiler for files with suffix htm,Compiler using aspx file here->
<buildproviders>
<add extension=". Htm" type="system.web.compilation.pagebuildprovider" />
</buildproviders>
</compilation>
...
</system.web>

Visit the html file again this time, and it works as expected,Requires authentication,And it can display normally.In fact, the core of this problem lies in the understanding of httphandler. In addition, it is said that in iis7, as long as the application is placed in the application pool with integrated mode,Can solve this problem.

If it is not a special requirement or you have to use an html static page,Personally I think it is relatively simple to convert html to aspx.Customer deployment does not require excessive configuration,Some customers are annoying to deploy the system for configuration,So it's better to be simple.

  • Previous Analysis of installing wetty and instructions for use under Linux
  • Next How an APK program obtains system permissions