我正在开发一个新的ASP.NET应用程序。在IIS8上,如果我禁用匿名访问并启用基本或Windows身份验证,它将进入无限重定向循环并在浏览器中断循环后登陆以下URL:
https://XXXXXX.com/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252F
凭据框永远不会弹出。可能有什么不对?
我修好了它。首先要做的是在IIS和Visual Studio项目上启用Windows auth并禁用匿名(在解决方案资源管理器和属性窗口中选择根项目节点以禁用匿名访问并启用Windows身份验证)。接下来,将以下行添加到web.config:
<system.webServer>
<modules>
<remove name="FormsAuthenticationModule" />
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
接下来打开App_Start / Startup.Auth.cs并注释掉(或删除)以下内容:
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
// Use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
接下来,发布到您的网络服务器,您应该能够登录没有该重定向错误!
通过禁用匿名访问,使得login
不允许首先进行身份验证的页面。
因此系统尝试通过在登录页面上重定向来验证用户,但由于不能允许登录页面,因此在此循环中感觉永远。
可以在您的machine.config文件中或在您的全局web.config中,使用此URL作为身份验证页面启用表单身份验证。
检查IIS应用程序池中的“空闲超时”分钟,高级设置。如果它不超过系统会话超时,则将其设置为更多的数字。
例如,如果您将会话超时值设置为30,则将IIS应用程序池中的“空闲超时”小步骤设置为超过30%。 IIS应用程序池中的默认“空闲超时”小步通常为20。
我有同样的问题,但我只是通过在我的登录控制器之前添加[AllowAnonymous]来修复它。它可能对每个人都不起作用,但也许就是这样。