问题描述

I am using forms authentication in IIS7 to password-protect a dev site, but the authentication seems to get by-passed when the site contains only static HTML files + login.aspx + web.config.

When I renamed the files to .aspx, I am prompted with the login form I am not doing anything fancy. I have a very simple login script and it should just redirect to index.html afterward.

Any suggestions? To summarize, the entire site is using HTML (for now) and needs to be password protected.

<authentication mode="Forms">
  <forms name="appNameAuth" path="/" loginUrl="~/login.aspx" defaultUrl="index.html" protection="All" timeout="525600">
    <credentials passwordFormat="Clear">
      <user name="[user]" password="[password]" />
    </credentials>
  </forms>
</authentication>
<authorization>
  <deny users="?" />
</authorization>

In IIS7 if you want to protect *.html or *.htm files (or other non .net extensions) under forms authentication then add the following lines to your web.config:

<compilation>
    <buildProviders>
        <add extension=".html" type="System.Web.Compilation.PageBuildProvider" />
        <add extension=".htm" type="System.Web.Compilation.PageBuildProvider" />
    </buildProviders>
</compilation>

AND

<system.webServer>
     <handlers>
         <add name="HTML" path="*.html" verb="GET, HEAD, POST, DEBUG"   type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" />
         <add name="HTM" path="*.htm" verb="GET, HEAD, POST, DEBUG" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" />
     </handlers>
</system.webServer>

这篇关于如何使用 ASP.NET 在纯 HTML 页面上进行表单身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！