使用指向POST操作的ReturnUrl登录:FAIL！ [英] Logging in with a ReturnUrl pointing to a POST action: FAIL!

问题描述

我有一个Asp.Net MVC项目，该项目具有典型的表单身份验证，可在成功登录后将用户重定向到页面.如果查询字符串中包含ReturnUrl，它将把用户重定向到ReturnUrl.

I have an Asp.Net MVC project with the typical forms authentication that redirects the user to a page upon successful login. If there is a ReturnUrl in the querystring it will redirect the user to the ReturnUrl.

当登录的用户坐在页面上足够长的时间使他们的登录超时然后将表单提交给服务器时，就会出现问题.由于现在不再对用户进行身份验证，它将迫使用户再次登录.但是，ReturnUrl指向的操作仅接受POST方法，并且在重定向后会引发异常.

Problem comes when a logged in user sits on a page long enough for their login to time out and then submits the form causing a post to the server. Since the user is now no longer authenticated it'll force the user to log in again. However the ReturnUrl would point to an action that only accepts the POST method and would throw an exception after being redirected.

是否可以解决此问题?

推荐答案

您必须创建一个相同的GET操作并将其重定向回他们填写的表单.问题是重定向到ReturnUrl的操作是GET，而不是POST，因此出错.

You have to create an identical GET action and redirect it back to the form they were filling out. The problem is that the redirect to the ReturnUrl is doing a GET, not a POST, hence the error.

示例:

[AcceptVerbs(HttpVerbs.Get)]
public ActionResult SomeFormAction()
{ 
    //redirect them back to the original form GET here 
    RedirectToAction(stuffhere);
}

[AcceptVerbs(HttpVerbs.Post)]
public ActionResult SomeFormAction(FormCollection collection)
{ 
    //this is your original POST 
}

这篇关于使用指向POST操作的ReturnUrl登录:FAIL！的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！