【问题标题】:ASP.Net 4.5 Forms Authentication / Authorization not workingASP.Net 4.5 表单身份验证/授权不起作用
【发布时间】:2016-02-23 23:58:39
【问题描述】:

我从一个带有个人帐户的默认 WebForms 项目开始。我有一堆使用数据库连接构建的内容。我想将所有内容限制为经过身份验证的用户,除了 default.aspx

我已经在我的 SQL 数据库中成功建立了 Identity 表结构,并且可以“注册”新用户。这一切都很好。但是,当我将身份验证设置添加到下面的 web.config 时,一切都会中断。

<system.web>
    <authentication mode="Forms">
        <forms name=".FormsAuth" loginUrl="Login.aspx" protection="All" slidingExpiration="false" requireSSL="false" />
    </authentication>

    <authorization>
        <deny users="?"/>
    </authorization>
</system.web>
<location path="Default.aspx">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

我希望这允许我查看我的 Default.aspx 页面并在我离开它时重定向。相反,我尝试重定向到 \account\login 并失败并显示此消息。

HTTP 错误 404.15 - Not Found 请求过滤模块是 配置为拒绝查询字符串过长的请求。

ReturnURL 很大,似乎在重复。我试过四处寻找从头开始的例子,但没有找到一个有效的例子。这应该很简单。

http://localhost:58573/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FDefault

【问题讨论】:

  • 您提供的代码中似乎多了一个&lt;/system.web&gt;。如果这些是您添加的行,那么您可能正在关闭一些现有的 &lt;system.web&gt; 标记太快
  • 谢谢 - 很抱歉这实际上不在我的项目中。我将其从示例中删除。根据您的评论,我尝试将身份验证和位置标签移动到主 system.web 部分,但我仍然遇到同样的问题。
  • 谢谢 - 我使用的不是 MVC 表单。我确实看了一下,那些 .dll 不在我的 bin 文件夹中。
  • 第二次认为它的行为类似于建议文章中的症状。如果我将 loginURL 更改为其他内容,它会忽略新页面名称并仍重定向到 /Account/Login?用那个长查询字符串...

标签: c# asp.net forms-authentication


【解决方案1】:

我想通了。我不得不从 web.config 中删除一般的“拒绝所有匿名”声明:

 <!--<authorization>
        <deny users="?"/>
      </authorization>-->

...我试图用它来限制除登录页面之外的所有内容。 我将所有内容移到了几个子文件夹中,然后使用位置标签和相同的拒绝用户声明将它们调出。

<location path="System">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
    <location path="Reports">
      <system.web>
        <authorization>
          <deny users="?"/>
        </authorization>
      </system.web>
  </location>

此时它似乎“正常”工作,如果未通过身份验证,现在会将用户重定向到 login.aspx。

【讨论】:

    【解决方案2】:

    \account\login.aspx 由于 web.config 而被拒绝。 ...

    <authorization>
        <deny users="?"/>
    </authorization>
    

    当你重定向到登录页面时,由于禁止匿名访问,你又被重定向到登录页面,导致递归。 可以在account文件夹下创建web.config,内容如下:

    <system.web>
    <authorization>
        <allow users="*"/>
    </authorization>
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2020-08-07
      • 1970-01-01
      相关资源
      最近更新 更多