yiming/17168ERP
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

migrate to new git

Browse Source
This commit is contained in:
yiming
2025-08-29 01:27:25 +08:00
parent 946eb9961e
commit af2c152ef6
8623 changed files with 1000453 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

240
web/web.config Normal file
View File

@@ -0,0 +1,240 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</configSections>
<appSettings>
<add key="systemDirs" value="news,product" />
<add key="shopCarCode" value="17168ERP" />
<!--allowReqAtt 弱掃需求建議設定註冊會用到的request名稱(給rtnQueryString這隻用的)num,root,kind,kw,page,defpath,rtnobj,dirname,CKEditorFuncNum,mode,msg,nation,category,sign_no,order_no,skey,key,chknum,chk,id-->
<add key="allowReqAtt" value="" />
<add key="owin:AutomaticAppStartup" value="true" />
<add key="owin:AppStartup" value="SignalRChat.Startup" />
<!--設計師模式-->
<add key="designIP" value="127.0.0.1,211.20.239.58" />
<!--允許後台的ip-->
<add key="admIP" value="" />
<!--後台只允許台灣的IPY=啟用,設為其它值為停用-->
<add key="admTwIP" value="Y" />
<!--後台一個帳號只允許一個人登入若要啟用請設Y-->
<add key="SingleIn" value="N" />
<!--GOOGLE recaptcha https://www.google.com/recaptcha/ -->
<add key="recaptchaSitekey" value="" />
<!--金鑰-->
<add key="recaptchaSecret" value="" />
<!--密鑰-->
<!--圖片浮水印設定0=不使用 1=縮圖程式使用 2=上傳圖片若有使用縮圖則壓上浮水印(原檔會壓上浮水印)-->
<add key="WatermarkMode" value="0" />
<!--圖片浮水印設定:圖片路徑-->
<add key="WatermarkPath" value="~/App_Script/watermark.png" />
<!--圖片浮水印設定:透明度-->
<add key="WatermarkPct" value="0.5" />
<!--嘗試登入後台失敗次數若不使用請設0-->
<add key="LoginTryCount" value="3" />
<!--嘗試登入後台失敗鎖定分鐘-->
<add key="LoginTryLockMin" value="15" />
<!--密碼強度 0=不限制 1=普通 2=中 3=高-->
<add key="pwStrength" value="0" />
<!--考勤允許IP-->
<add key="attendancesIP" value="211.20.239.58,127.0.0.1,122.117.61.232" />
<!--網站的簡稱用來區別session和cookie-->
<add key="SC" value="erp17168" />
</appSettings>
<connectionStrings>
<!--SQL用-->
<!-- -->
<add name="shopConn" providerName="System.Data.SqlClient" connectionString="Data Source=localhost;Initial Catalog=17168erp_e2;User ID=17168erp;Password=17168erp;Encrypt=False;TrustServerCertificate=True;Provider=SQLOLEDB;" />
<add name="ezEntities" connectionString="metadata=res://*/App_Code.Model.Model.csdl|res://*/App_Code.Model.Model.ssdl|res://*/App_Code.Model.Model.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=localhost;Initial Catalog=17168erp_e2;User ID=17168erp;Password=17168erp;Encrypt=False;TrustServerCertificate=True;&quot;" providerName="System.Data.EntityClient" />
<!--SQL用-->
</connectionStrings>
<!--
如需 web.config 變更的說明,請參閱 http://go.microsoft.com/fwlink/?LinkId=235367。
您可以在 <httpRuntime> 標記上設定下列屬性。
<system.Web>
<httpRuntime targetFramework="4.7.2" />
</system.Web>
-->
<system.web>
<httpCookies httpOnlyCookies="true" sameSite="Lax" />
<!--有SSL要用這行上面一行要拿掉 <httpCookies requireSSL="true" sameSite="Lax" httpOnlyCookies="true"/>-->
<!--machineKey的產生器http://www.allkeysgenerator.com/Random/ASP-Net-MachineKey-Generator.aspx-->
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" decryption="AES" />
<!--
OLD:
<machineKey validation="SHA1" decryption="AES"
validationKey="0D8F8703B1E133FB1E507DBDA1E641AA046903DBDB4E1A0C984CA8D47ECCBC1731F40D740DD2C11613EE380F9AC673F5A850AF5264304B8D1F291C3754848E47"
decryptionKey="5DA56C30BC1FB4E5744C7A790AD32FF191C20BF6363FCAE3B34B2757B399934E" />
-->
<!--
NEW:
<machineKey validation="SHA1" decryption="AES"
validationKey="AF45CC82553E8225A5FA0DE14DEB854130BA4E6B"
decryptionKey="9F8A9C5F4394F24E6CB3404C8721EB3EBEFFDA66FD8DA7B9F393D42E18257CFE" />
-->
<!--有要弱點掃瞄切換成這個<machineKey validation="3DES"/>App_Code\config.cs 裡面的「壓縮ViewState」要拿掉-->
<customErrors mode="Off" />
<!--<customErrors>
<error statusCode="404" redirect="main.aspx?msg=404"/>
</customErrors>-->
<!--自訂程式錯誤的頁面設定-->
<!--<customErrors mode="On" defaultRedirect="~/main.aspx">
<error statusCode="404" redirect="main.aspx?msg=404"/>
</customErrors>-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" fileEncoding="utf-8" />
<compilation debug="true" targetFramework="4.8">
<assemblies>
<add assembly="System.Net.Http, Version=4.2.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Data.Entity.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<add assembly="System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.ComponentModel.DataAnnotations, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
<buildProviders>
<add extension=".edmx" type="System.Data.Entity.Design.AspNet.EntityDesignerBuildProvider" />
</buildProviders>
</compilation>
<pages enableViewStateMac="true" viewStateEncryptionMode="Always" controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
<controls>
<add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" />
<add assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" tagPrefix="cc1" />
</controls>
</pages>
<authentication mode="Forms">
<forms loginUrl="~/admin/index.aspx" defaultUrl="~/admin/index.aspx" />
</authentication>
<httpRuntime requestValidationMode="2.0" enableVersionHeader="false" />
</system.web>
<system.webServer>
<!-- 支援路由有"." https://stackoverflow.com/questions/9273987/asp-net-mvc-url-route-supporting-dot -->
<modules runAllManagedModulesForAllRequests="true" />
<!--修補弱點IIS 目錄列舉-->
<security>
<requestFiltering>
<denyUrlSequences>
<add sequence="?" />
<add sequence="*" />
</denyUrlSequences>
</requestFiltering>
</security>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<remove name="X-AspNet-Version" />
<!--<add name="X-Frame-Options" value="SAMEORIGIN" /> iframe只允許嵌入自已網站下的頁面 -->
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
<!--有ssl 才能用-->
<!--<add name="Cache-Control" value="no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=31536000, s-maxage=0" />-->
<!--<add name="Cache-Control" value="max-age=31536000" />-->
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="Referrer-Policy" value="strict-origin" />
</customHeaders>
</httpProtocol>
<rewrite>
<rules>
<!--若有裝SSL與主機有支援urlrewrite的話可啟用下面讓http自動轉去https
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>-->
<!--
<rule name="Redirect domain.com to www" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^domain.com$" />
</conditions>
<action type="Redirect" url="https://www.domain.com/{R:0}" />
</rule>
-->
<!--sites資料夾裡拒絕直接訪問-->
<rule name="SiteRule1" stopProcessing="true">
<match url="^sites/(.*)" />
<action type="AbortRequest" />
</rule>
<!--upload資料夾裡拒絕訪問程式頁-->
<rule name="RequestBlockingRule1" stopProcessing="true">
<match url="^upload/(.*)\.aspx" />
<action type="CustomResponse" statusCode="404" />
</rule>
<rule name="RequestBlockingRule2" stopProcessing="true">
<match url="^upload/(.*)\.asp" />
<action type="CustomResponse" statusCode="404" />
</rule>
<rule name="RequestBlockingRule3" stopProcessing="true">
<match url="^upload/(.*)\.php" />
<action type="CustomResponse" statusCode="404" />
</rule>
<rule name="RequestBlockingRule4" stopProcessing="true">
<match url="^upload/(.*)\.asmx" />
<action type="CustomResponse" statusCode="404" />
</rule>
<rule name="RequestBlockingRule5" stopProcessing="true">
<match url="^upload/(.*)\.ashx" />
<action type="CustomResponse" statusCode="404" />
</rule>
<rule name="RequestBlockingRule6" stopProcessing="true">
<match url="^upload/(.*)\.html" />
<action type="CustomResponse" statusCode="404" />
</rule>
<!--upload資料夾裡拒絕訪問程式頁-->
</rules>
</rewrite>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="777.00:00:00" />
</staticContent>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.2.0.0" newVersion="4.2.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.2.0.0" newVersion="4.2.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<entityFramework>
<providers>
<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
</providers>
</entityFramework>
<system.codedom>
<compilers>
<compiler extension=".cs" language="c#;cs;csharp" warningLevel="4" compilerOptions="/langversion:7.3 /nowarn:1659;1699;1701;612;618" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=3.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<compiler extension=".vb" language="vb;vbs;visualbasic;vbscript" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008,40000,40008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=3.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</compilers>
</system.codedom>
</configuration>