旁路窗体身份验证自动重定向到登录，如何？ [英] Bypass Forms Authentication auto redirect to login, How to?

问题描述

我正在写使用asp.net-MVC部署到IIS6的应用程序。我使用窗体身份验证。通常，当用户试图未经适当授权访问某个资源，我希望他们被重定向到一个登录页面。 FormsAuth做到这一点对我来说很容易的。

I'm writing an app using asp.net-mvc deploying to iis6. I'm using forms authentication. Usually when a user tries to access a resource without proper authorization I want them to be redirected to a login page. FormsAuth does this for me easy enough.

问题：现在我有一个控制台应用程序正在访问一个动作。请告诉我有这个动作响应瓦特/状态401，而不是重定向请求到登录页面的最快方法？

Problem: Now I have an action being accessed by a console app. Whats the quickest way to have this action respond w/ status 401 instead of redirecting the request to the login page?

我要的控制台应用程序，以便能够以这种状态401 code，而不是它是透明的反应。我也想保持默认，重定向越权的请求到登录页面的行为。

I want the console app to be able to react to this 401 StatusCode instead of it being transparent. I'd also like to keep the default, redirect unauthorized requests to login page behavior.

请注意：作为一个测试，我已将此添加到我的Global.asax中，它没有超越窗体身份验证：

Note: As a test I added this to my global.asax and it didn't bypass forms auth:

protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    HttpContext.Current.SkipAuthorization = true;
}

---

@Dale和安迪

---

@Dale and Andy

我使用MVC中的preVIEW 4.提供的AuthorizeAttributeFilter这是返回一个HttpUnauthorizedResult。这一结果状态code正确设置为401问题，据我了解，是asp.net被拦截的响应（因为它作为一个401功能标签），并重定向到登录页面，而不是仅仅让它经过。我想绕过这个拦截了某些网址。

I'm using the AuthorizeAttributeFilter provided in MVC preview 4. This is returning an HttpUnauthorizedResult. This result is correctly setting the statusCode to 401. The problem, as i understand it, is that asp.net is intercepting the response (since its taged as a 401) and redirecting to the login page instead of just letting it go through. I want to bypass this interception for certain urls.

推荐答案

好吧，我努力解决这个问题。我做了一个自定义的ActionResult（HttpForbiddenResult）和自定义ActionFilter（NoFallBackAuthorize）。

Ok, I worked around this. I made a custom ActionResult (HttpForbiddenResult) and custom ActionFilter (NoFallBackAuthorize).

要避免重定向，HttpForbiddenResult标志着状态code反应403 FormsAuthentication没有赶上这个code反应所以登录重定向有效地跳过。所述NoFallBackAuthorize滤波器检查是否该用户被授权很像，包括，授权滤波器。不同之处在于它返回HttpForbiddenResult当访问被拒绝。

To avoid redirection, HttpForbiddenResult marks responses with status code 403. FormsAuthentication doesn't catch responses with this code so the login redirection is effectively skipped. The NoFallBackAuthorize filter checks to see if the user is authorized much like the, included, Authorize filter. It differs in that it returns HttpForbiddenResult when access is denied.

该HttpForbiddenResult为pretty琐碎的：

The HttpForbiddenResult is pretty trivial:

public class HttpForbiddenResult : ActionResult
{
    public override void ExecuteResult(ControllerContext context)
    {
    	if (context == null)
    	{
    		throw new ArgumentNullException("context");
    	}
    	context.HttpContext.Response.StatusCode = 0x193; // 403
    }
}

有没有出现有可能跳过FormsAuthenticationModule登录页面重定向。

It doesn't appear to be possible to skip the login page redirection in the FormsAuthenticationModule.

这篇关于旁路窗体身份验证自动重定向到登录，如何？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！