在web.config里修改配置从而对匿名用户拒绝提供某资源

下面的例子里先deny了匿名用户对于_layouts和_vti_bin目录下的所有页面, 然后允许匿名用户访问四个指定的页面.

其中的问号(?)代表着匿名用户.

=================

<configuration>

  <location path="_layouts">
    <system.web>                  
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <location path="_vti_bin">
    <system.web>                  
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <location path="_layouts/login.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>

  <location path="_layouts/error.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>
 
  <location path="_layouts/accessdenied.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>

</configuration>

 

参考资料

================

Locking down Office SharePoint Server sites

http://technet.microsoft.com/en-us/library/ee191479(office.12).aspx