ASP.Net 4.5表单身份验证/授权无效

问题描述 投票:0回答:2

我开始使用个人帐户的默认WebForms项目。我有一堆内容,我用数据库连接建立。我想将所有内容限制为经过身份验证的用户,但default.aspx除外

我已经在我的SQL数据库中成功建立了Identity表结构,并且可以“注册”新用户。一切正常。但是,当我将身份验证设置添加到web.config时,请参阅下面的内容。

<system.web>
    <authentication mode="Forms">
        <forms name=".FormsAuth" loginUrl="Login.aspx" protection="All" slidingExpiration="false" requireSSL="false" />
    </authentication>

    <authorization>
        <deny users="?"/>
    </authorization>
</system.web>
<location path="Default.aspx">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

我希望这能让我查看我的Default.aspx页面并重定向,如果我离开它。相反,我尝试重定向到\account\login并失败并显示此消息。

HTTP错误404.15 - 未找到请求筛选模块配置为拒绝查询字符串太长的请求。

ReturnURL是巨大的,似乎重演。我已经尝试过从头开始寻找一个例子,但没有找到一个有效的。这应该很简单。

http://localhost:58573/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FDefault

c# asp.net forms-authentication
2个回答
0
投票

我想通了。我不得不从web.config中删除一般的“拒绝所有匿名”声明:

 <!--<authorization>
        <deny users="?"/>
      </authorization>-->

...我试图用来限制除登录页面以外的所有内容。我将所有内容移动到几个子文件夹中,然后使用位置标记和相同的拒绝用户语句调出它们。

<location path="System">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
    <location path="Reports">
      <system.web>
        <authorization>
          <deny users="?"/>
        </authorization>
      </system.web>
  </location>

此时它似乎正在“正常”工作,现在如果未经过身份验证,则会将用户重定向到login.aspx。

0
投票

由于web.config,\ account \ login.aspx被拒绝。 ...

<authorization>
    <deny users="?"/>
</authorization>

当您重定向到登录页面时,由于禁止匿名访问,您将再次重定向到登录页面,从而导致递归。您可以在帐户文件夹中创建web.config。内容如下:

<system.web>
<authorization>
    <allow users="*"/>
</authorization>

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.