authentication and excluding .aspx page by routing MVC
ISSUE:
For example, one page accessed as:
{physicalPath}/popup/Page1.aspx {projectPath}/popup/Page1.aspx {serverPath}/apsx/external/Page/{id}
Route is registered in Global.asax as:
routes.MapPageRoute("ViewPage","external/Page/{AccessKey}/","~/popup/Page1.aspx",false,newRouteValueDictionary{{ ACCESSKEY,HttpRoutes.RouteParameter.Optional}}); routes.RouteExistingFiles=false;
In Web.config added node:
<locationpath="external"><system.web><authorization><allowusers="?"/><allowusers="*"/></authorization></system.web></location>
Form authentication is configured as:
<authenticationmode="Forms"><formstimeout="120"domain="{host}"cookieless="UseCookies"enableCrossAppRedirects="true"name=".ASPXAUTH"loginUrl="~/Login.aspx"defaultUrl="~/Home/"/></authentication> <authorization><denyusers="?"/><allowusers="*"/></authorization>
When I try to access page using Url:
https://{host}:444/apsx/external/Page/?AccessKey=%3daa3%3ddsa9dsA/dwq62%3bwdq5
I get redirected to Login.aspx.
Also tried following:
protectedvoidApplication_BeginRequest(object sender,EventArgs e){HttpContext.Current.Response.AddHeader("x-frame-options","SAMEORIGIN");if(Request.Path=="/apsx/external/Page/"){HttpContext.Current.SkipAuthorization=true;}}
Have not helped :(
SOLUTION:
If configure Web.config as I described upper, you can specify pattern with virtual path starts from, and apply settings not only to physical files.
For example:
routing:
routes.MapPageRoute("ViewPage","external/Page/{AccessKey}/","~/popup/Page1.aspx",false,newRouteValueDictionary{{ ACCESSKEY,HttpRoutes.RouteParameter.Optional}});
false - the key value, details there.
web config:
<locationpath="external"><system.web><authorization><allowusers="?"/><allowusers="*"/></authorization></system.web></location>
path="external" because my route begins with "external" :
"external/Page/{AccessKey}/"
authentication and excluding .aspx page by routing MVC,古老的榕树,5-wow.com
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。