ASP.NET web.config authorization settings ignored

I was searching for some solution but can't find one. There is this and this ones but can't found and answer there. Im developing an asp.net application on ASP.NET development server . I have the following web.config in my root asp.net folder:

<?xml version="1.0"?>  
<configuration>  
  <system.web>  
    <compilation debug="true" targetFramework="4.0" />  
    <authentication mode="Forms">  
      <forms name="4df5d465h"  
          loginUrl="~/login.aspx"  
          protection="All"  
          timeout="30" path="/" />  
    </authentication>  
    <authorization>  
      <deny users="?"/>  
    </authorization>  
  </system.web>  
</configuration>  

My image folder is together my main web.config at root asp.net application folder.
Inside the image folder I put the following web.config:

<?xml version="1.0"?>  
<configuration>  
  <system.web>  
    <authorization>  
      <allow roles="*"/>  
      <allow users="*"/>  
    </authorization>  
  </system.web>  
</configuration>  

I put role attribute after to see if its work.
I wrote the main web.config in this way too:

<?xml version="1.0"?>  
<configuration>
  <system.web>  
    <compilation debug="true" targetFramework="4.0" />  
    <authentication mode="Forms">  
      <forms name="3D45C7D8B0B0C"  
          loginUrl="~/login.aspx"  
          protection="All"  
          timeout="30" path="/" />  
    </authentication>  
    <authorization>  
      <deny users="?"/>  
    </authorization>  
  </system.web>  

  <location path="~/image">  
    <system.web>  
      <authorization>  
        <allow users="*"/>  
      </authorization>  
    </system.web>  
  </location>  
</configuration>

But the login page never can load the images

In design mode, inside visual studio editor, the image load in login.aspx page then image tag must be ok.

What I'm doing wrong?? Thanks a lot.

@nico, thanks a lot for format my question. No im not rewriting nothing. Its most simple and default asp.net application possible. Its default template asp.net application with an link on Default.aspx and a simple login.aspx page, its a test project, the login form works but the image doesn't load.

@Chris_Lively, yes there is a web.config in image folder, its web.config with <'allow roles='*'>, i checked, the folder is named image , the src of image tag point to image its getting me crazy


Your config file contains error - 'roles'-tag cannot use asterisk, you should define specific role name (allow element) or dont use it at all.

You'll see error message 'Parser Error Message: Authorization rule names cannot contain the '*' character' in fiddler.

I think it was reason of your problem.

链接地址: http://www.djcxy.com/p/90154.html

上一篇: Asp.net和安全性

下一篇: ASP.NET web.config授权设置被忽略