【问题标题】:forms authentication gives a too long query string [duplicate]表单身份验证提供了太长的查询字符串 [重复]
【发布时间】:2014-10-06 15:18:58
【问题描述】:

我正在尝试进行(临时)登录,将用户存储在我的 web.config 文件中。 将拒绝添加到 web.config 文件后,它给了我这个错误

HTTP 错误 404.15 - 未找到 请求过滤模块配置为拒绝查询字符串过长的请求。

网址是这样的

http://localhost/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FAccount%252525252525252525252525252525252525252FLogin%252525252525252525252525252525252525253FReturnUrl%252525252525252525252525252525252525253D%25252525252525252525252525252525252525252F

(不否认它设置了cookie,但我仍然可以访问所有页面)

这就是它在我的 web.config 中的样子

    <authentication mode="Forms">
  <forms loginUrl="~/Account/Login" name=".ASPXAUTH" slidingExpiration="true" timeout="1440" path="/" defaultUrl="~/">
    <credentials passwordFormat="Clear">
      <user name="matchUser80" password="123Match789"/>
    </credentials>
  </forms>
</authentication>

<authorization>
  <deny users="?" />
</authorization>

还有我的控制器

        [HttpPost]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        if (FormsAuthentication.Authenticate(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, false);
            FormsAuthentication.RedirectFromLoginPage(model.UserName, false);
            if (returnUrl != null)
            {
                return Redirect(returnUrl);
            }
            return View();
        }

        ModelState.AddModelError(string.Empty, "Wrong username or password");
        return View(model);
    }

我正在使用 MVC 5。

【问题讨论】:

    标签: asp.net-mvc authentication


    【解决方案1】:

    您应该使用属性而不是 web.config 配置来授权您的 mvc 应用程序。 Web 配置配置只能用于 Web 表单应用程序。

    使用[AllowAnonymous] 属性装饰您的登录操作(获取和发布版本)。

    其他控制器的用户[Authorize] 属性。

    阅读this article 了解如何保护您的 mvc 应用程序。

    更新

    我使用默认的 mvc 项目在本地重现了您的问题,并且在我的 web.config 中有这个问题:

    <system.webServer>
        <modules>
          <remove name="FormsAuthentication" />
        </modules>
    </system.webServer>
    

    在我评论了&lt;remove name="FormsAuthentication" /&gt; 部分后,一切都开始工作了

    【讨论】:

    • 谢谢,但我尝试将 [Authorize] 放在我的控制器上,但即使我登录了,我也无法访问它。我用这个创建了一个 cookie:FormsAuthentication.SetAuthCookie(model.UserName, false );但 [Authorize] 不检查我的 cookie。我不应该使用 SetAuthCookie 吗?
    • @WIRN 您还必须将 [AllowAnonymous] 放在非授权用户应该可以访问的操作方法上。
    • 是的,我已经这样做了,否则我无法使用 SetAuthCookie(在我的登录控制器上调用)创建 cookie
    • @WIRN 从 web.config 对用户进行身份验证使用 FormsAuthentication.Authenticate(name, password) end 然后 FormsAuthentication.RedirectFromLoginPage(name, false);
    • @WIRN 我认为你不必使用 SetAuthCookie
    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 2016-12-25
    • 1970-01-01
    • 2015-11-01
    • 1970-01-01
    • 2019-10-29
    • 1970-01-01
    • 2012-03-18
    相关资源
    最近更新 更多