<!-- Forms authentication whose user list is kept in web.config itself.
     The fragment shows no <authorization> rules, so which pages actually
     require a login cannot be told from here. -->
<authentication mode="Forms">
    <!-- protection="All" asks for the ticket cookie to be both encrypted and validated;
         timeout is in minutes. No requireSSL attribute is present in this fragment.
         NOTE(review): loginUrl ends in ".apsx", which looks like a typo for ".aspx" -
         confirm the real page name. -->
    <forms name="MyApp02" path="/" loginUrl="/css/index.apsx"
           protection="All" timeout="30">
      <!-- passwordFormat="Clear" keeps every password below as readable text in this file,
           so anyone who can read web.config (or a backup or source-control copy of it)
           learns the logins. The same element also accepts "MD5" and "SHA1", which store
           a hash instead; an external, salted credential store is the stronger choice. -->
      <credentials passwordFormat="Clear">
        <!-- All three accounts share one short password. -->
        <user name="billjones" password="test" />
        <user name="marthasmith" password="test" />
        <user name="joesoap" password="test" />
      </credentials>
    </forms>
  </authentication>

解决方案 »

  1.   

    你得把<authentication mode="Forms" />中的“/”去掉!
      

  2.   

    这是从前的代码,有点糙,不过思想是对的。
    可以把相同访问权的页面都放到同一个目录中,然后对这个目录在web.config进行权限设置。对web.config如下设置
    <configuration>
    <!-- NOTE(review): <authentication> is a child of <system.web>; it is shown here directly
         under <configuration>, so check the placement against the real web.config. -->
    <authentication mode="Forms">
    <!-- protection="All" asks for the ticket cookie to be encrypted and validated;
         timeout is in minutes. Unauthenticated requests are sent to login.aspx. -->
    <forms name="YourApp" path="/" loginUrl="login.aspx" protection="All" timeout="30">
    </forms>
    </authentication>
    <!-- The rules inside <location> apply only to requests under the YourFolder path. -->
    <location path="YourFolder">
    <system.web>
    <authorization>
    <!-- Rules are evaluated top to bottom and the first match wins: members of YourRoles
         are allowed, every other user (anonymous included) falls through to the deny.
         Keep the allow line above the deny line; reversing them locks everyone out. -->
    <allow roles="YourRoles" />
    <deny users="*" />
    </authorization>
    </system.web>
    </location>
    </configuration>
    在Global.asax.vb里面:
    If Not (HttpContext.Current.User Is Nothing) Then
    ' For a request that already carries an authenticated Forms identity, replace the
    ' current principal with a GenericPrincipal whose roles are the comma-separated
    ' values stored in the ticket's UserData.
    ' NOTE(review): the handler this code sits in is not shown; presumably
    ' Application_AuthenticateRequest - confirm.
    ' SECURITY: the role list comes from the cookie-borne ticket, so it is only as
    ' trustworthy as the ticket protection (protection="All" in the <forms> element
    ' posted with this snippet) and the secrecy of the machine key. Roles are fixed when
    ' the ticket is issued: a role removed later stays in effect until the ticket expires.
    If (HttpContext.Current.User.Identity.IsAuthenticated = True) Then
                  ' Only Forms identities carry a ticket; this check guards the CType below.
                  If (HttpContext.Current.User.Identity.AuthenticationType = "Forms") Then
                        Dim id As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
                        Dim ticket As FormsAuthenticationTicket = id.Ticket
                        ' Get the stored user-data, in this case, our roles
                        Dim userData As String = ticket.UserData
                        ' An empty UserData still yields one element (an empty string).
                        Dim roles() As String = userData.Split(",")
                        ' From here on, role checks for this request use the ticket's list.
                        HttpContext.Current.User = New GenericPrincipal(id, roles)
                    End If
                End If
            End If
    在login.aspx.vb中:
    ' Login handler body: checks the submitted id/password against the userinfo table and,
    ' on success, issues a forms-authentication ticket whose UserData carries the user's
    ' permission ids as a comma-separated list.
    ' NOTE(review): Functions.EncryptPassword and Functions.GetReaderObject are project
    ' helpers that are not shown; what is said about them is read from the call sites only.
    ' NOTE(review): no attempt limit or lockout is visible in this snippet - confirm one
    ' exists elsewhere.
    Dim encryptPwd As String
            ' NOTE(review): the "MD5" argument suggests an unsalted MD5 digest - confirm.
            ' MD5 is not suitable for stored passwords; a salted, iterated scheme such as
            ' Rfc2898DeriveBytes (PBKDF2) is the usual replacement.
            encryptPwd = Functions.EncryptPassword(txtpwd.Text, "MD5")
            Dim reader As SqlClient.SqlDataReader
            FormsAuthentication.Initialize()
            ' SECURITY: txtloginid.Text is raw user input concatenated into the SQL text, so
            ' the login id can alter the statement itself (SQL injection). Pass the values
            ' as SqlParameter objects on a SqlCommand (WHERE Username=@username AND
            ' Password=@password) instead of building the string.
            reader = Functions.GetReaderObject("SELECT name,roles FROM userinfo WHERE Username='" & txtloginid.Text & "' AND Password='" & encryptPwd & "'")
            ' A returned row means the id/password pair matched.
            If reader.Read Then
                ' Issues its own non-persistent (False) ticket cookie and the redirect before
                ' the role-bearing ticket below is built.
                ' NOTE(review): the cookie added further down has the same name; confirm the
                ' role-bearing one is the one that ends up in effect, or build the ticket
                ' first and redirect with FormsAuthentication.GetRedirectUrl.
                FormsAuthentication.RedirectFromLoginPage(txtloginid.Text, False)
                ' Column 0 is "name" from the SELECT above.
                Session("xm") = reader.Item(0)
                Dim sqldr As SqlDataReader
                ' SECURITY: same concatenation of txtloginid.Text as in the login query;
                ' parameterize this statement as well.
                sqldr = Functions.GetReaderObject("select distinct YYDX_CZ_BS from SysDefV_XT_QX_YH where YH_BS='" & txtloginid.Text & "'")
                ' inttmp is never used in this snippet.
                Dim inttmp As Integer
                Dim objStrB As System.Text.StringBuilder = New System.Text.StringBuilder()
                ' Join every returned value with a trailing comma.
                ' NOTE(review): a value that itself contains a comma would be read back as
                ' several roles by the Split(",") in the Global.asax snippet on this page.
                While sqldr.Read
                    objStrB.Append(sqldr(0).ToString + ",")
                End While
                If sqldr.IsClosed = False Then
                    sqldr.Close()
                End If
                ' Drop the trailing comma left by the loop.
                If objStrB.Length > 0 Then
                    objStrB.Remove(objStrB.Length - 1, 1)
                End If
                ' Version 1 ticket, valid for 30 minutes from now, marked persistent (True),
                ' with the joined permission ids as UserData.
                Dim ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, txtloginid.Text, DateTime.Now, DateTime.Now.AddMinutes(30), True, objStrB.ToString, FormsAuthentication.FormsCookiePath)
                ' Encrypt returns the protected ticket string used as the cookie value; it is
                ' not a hash, despite the variable name.
                Dim hash As String = FormsAuthentication.Encrypt(ticket)
                ' No Expires is set, so this is a browser-session cookie even though the
                ' ticket is marked persistent. No Secure or HttpOnly flag is set here either.
                ' NOTE(review): set both where the framework version supports them, and serve
                ' the login page over HTTPS.
                Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, hash)
                Response.Cookies.Add(cookie)
            Else
                ' One message for any failure, so the response does not say whether the id
                ' or the password was wrong.
                lblMsg.Text = "用户验证失败!"
                lblMsg.Visible = True
            End If
            ' reader stays open while the second query runs and is closed only on the normal
            ' path; an exception above would skip both Close calls.
            ' NOTE(review): wrap the readers in Try...Finally so they are always released.
            If reader.IsClosed = False Then
                reader.Close()
            End If
      

  3.   

    谢谢,但我想知道<location path="YourFolder">的作用,望告知。
      

  4.   

    <location path="YourFolder">
    是对于目录的权限设置!