ASP.NET中基于角色的身份验证没有登录错误文本 [英] No login error text for role based authentication in ASP.NET

问题描述

我有一个基于ASP.NET角色/会员资格的表单身份验证网站.有一个子文件夹及其页面，只有特定角色才能访问.问题是，如果来自不允许的角色组的任何用户登录页面，登录页面都不会显示任何错误消息.我的意思是，当来自AllowedRole的用户登录时，登录页面将用户正确重定向到受保护页面，但是当来自NonAllowedRole的用户尝试登录时，他/她正确登录，但没有显示错误消息，该用户返回了到登录页面，没有任何信息.我确实在登录表单中设置了FailureText，但未显示. loginForm.LoginError事件也不会引发.我尝试了这段代码，但也没有显示:

I have an ASP.NET Role/Membership based forms authentication site. There's a subfolder and its pages which can be accessed only by a certain role. The problem is, login page does not display any error message if any user from non-allowed role group logins in login page. I mean, when a user from AllowedRole logins, the login page redirects the user correctly to the protected page, but when a user from NonAllowedRole tries to login, he/she correctly logs in but there are no error messages displayed, the user is back to the login page without any information. I do have a FailureText set in Login form but it's not displayed. loginForm.LoginError event is also doesn't get raised. I tried this code but it doesn't display either:

protected void frmLogin_LoggedIn(object sender, EventArgs e)
        {
            if (!User.IsInRole("AllowedRole"))
                frmLogin.FailureText = "Access denied.";
                //Label1.Text = "Access denied."; //doesn't work either
        }

我在做什么错了?

推荐答案

我不知道在哪里可以找到支持此要求的文档.这个答案是基于对我所见过的io应用程序的行为的观察.

I don't know where to find the documentation to support this. This answer is based on observation of the behavior I've seen io apps I've written.

登录页面被排除在允许的访问规则之外.它一定是.假设您有一个站点，整个站点都禁止匿名用户，即使在根级别也是如此.用户需要能够访问登录页面才能登录.

The login page is exluded from the allowed access rules. It needs to be. Say you have a site where the whole site disallows anonymous users, even at the root level. The users need to be able to access the login page to be able to log in.

要解决难题，您需要添加标签(我称其为lblError)，然后在Page_Load中添加以下内容(C#示例代码):

To resolve your dilemma you would need to add a label (I would call it lblError) and in your Page_Load, add the following (C# example code):

if(User.IsLoggedIn)
{
   If(!User.IsInRole("AllowedRole")
   {
      lblError.Text = "Access denied.";
   }


}

已添加

Added

请多加考虑，登录页面中没有错误的原因是，当用户尝试访问受保护页面而不是登录页面中时，发生了错误.

Gving this more thought, the reason there is no error in the login page is that the error is happening when the user attempts to access the protected page, not within the login page.

但是，我相信我的建议也将适用于您的情况.

However, I believe my suggestion will work for your situation as well.

这篇关于ASP.NET中基于角色的身份验证没有登录错误文本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！