ASP.NET MVC 使用 Web.config 限制可访问的Controller 

<configuration>
  <location path="Home">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  
  <location path="Account">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  
  <!-- 禁止其他所有控制器 -->
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>
  </system.web>
  
<!--将默认的401错误显示为404-->
<system.webServer>
<httpErrors errorMode="Custom">
<remove statusCode="401" />
<remove statusCode="404" />
<error statusCode="401" path="401.html" responseMode="File"/>
<error statusCode="404" path="404.html" responseMode="File"/>
</httpErrors>
</system.webServer>
</configuration>

 

如上设置的结果是: Home,Account 这2个Controller 可以访问,除此之外其它Controller 的访问将报:

401 - Unauthorized: Access is denied due to invalid credentials.

posted on 2025-10-27 15:22  wakaka_wka  阅读(0)  评论(0)    收藏  举报

博客园  ©  2004-2025
浙公网安备 33010602011771号 浙ICP备2021040463号-3