上使用AllowAnonymous行动ASP.net MVC 4全球授权过滤器强制登录 [英] ASP.net MVC 4 global Authorize filter forcing login on an AllowAnonymous action
问题描述
在我的.NET MVC 4,我为了保证我的控制器中加入一个全球性的过滤器。
这是通过使用完成的:
公共静态无效RegisterGlobalFilters(GlobalFilterCollection过滤器)
{
filters.Add(新HandleErrorAttribute());
filters.Add(新System.Web.Mvc.AuthorizeAttribute());
}
这是从我的Global.cs类调用。
我的web.config文件中包含一个标准配置:
<身份验证模式=表格>
<形式loginUrl =〜/帐号/登录超时=2880/>
< /认证>
我的登录操作饰有 [使用AllowAnonymous]
,以允许匿名用户登录。
到目前为止好,一切都很正常。这是我的登录操作:
[使用AllowAnonymous]
公众的ActionResult登录(字符串RETURNURL)
{
ViewBag.ReturnUrl = RETURNURL;
返回查看();
}
现在,我想补充这也就像登录页面应提供给匿名用户重置密码的页面。我创造了我的动作(登录操作的同一控制下),并用 [使用AllowAnonymous]
装璜吧:
[使用AllowAnonymous]
公众的ActionResult ResetPasswordForUser(字符串消息=)
{
ViewBag.message =消息;
返回查看();
}
然后创建相应的视图。
我添加此链接到我的登录页面:
@ Html.ActionLink(忘记密码?,ResetPasswordForUser,帐户)
在运行时,当我使用匿名用户点击这个链接我也得到了ResetPasswordForUser行动,但返回登录动作被调用的观点时,我永远无法真正得到所需的视图。出于某种原因,我请求被即使我使用[使用AllowAnonymous]装修截获。
我失去了一些东西在这里?
在此先感谢
UPDATE1:
根据达林季米特洛夫要求加入我的ResetPasswordForUser观点:
@using TBS.Models
@model TBS.ViewModels.ResetPasswordForUserViewModel@ {
ViewBag.Title =重置密码;
}@using(Html.BeginForm())
{
@ Html.ValidationSummary(真) <表类=编辑表镶上圆润的风格=宽度:400像素>
&所述; TR>
< TD类=标签TD>
@ Html.LabelFor(M = GT; m.Username)
< / TD>
&所述; TD> @ Html.TextBoxFor(M = GT; m.Username)
@ Html.ValidationMessageFor(型号=> model.Username)
< / TD>
< / TR>
&所述; TR>
< TD类=标签TD>
@ Html.LabelFor(M = GT; m.Password)
< / TD>
&所述; TD>
@ Html.Password(密码)
@ Html.ValidationMessageFor(型号=> model.Password)
< / TD>
< / TR>
&所述; TR>
< TD合并单元格=2的风格=文本对齐:中心>
<输入类型=提交值=重置/>
< / TD>
< / TR>
< /表>
}
有没有可能是由 ResetPasswordForUser
视图中使用的_layout文件在您的控制器调用一个Action(例如,在一个菜单吗?)还没有被饰以使用AllowAnonymous
?
这会导致此类行为。
In my .NET MVC 4 I'm adding a global filter in order to secure my controllers. This is done using:
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new System.Web.Mvc.AuthorizeAttribute());
}
Which is invoked from my Global.cs class.
My Web.config file contains a standard configuration:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
My Login action is decorated with [AllowAnonymous]
in order to allow anonymous users to login.
So far so good, everything works great. Here is my Login action:
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
ViewBag.ReturnUrl = returnUrl;
return View();
}
Now, I wanted to add a reset-password page which also just like the login page should be available to anonymous users. I created me action (under the same controller of the Login action) and decorated it with the [AllowAnonymous]
decoration:
[AllowAnonymous]
public ActionResult ResetPasswordForUser(string message = "")
{
ViewBag.message = message;
return View();
}
Then created the corresponding view.
I added this link to my Login page:
@Html.ActionLink("Forgot your password?", "ResetPasswordForUser", "Account")
In runtime, as I click this link using an anonymous user I do get to the ResetPasswordForUser action, but when returning the view the Login action gets invoked and I can never actually get to the desired view. For some reason my request gets intercepted even though I'm using the [AllowAnonymous] decoration.
Am I missing something here?
Thanks in advance
Update1:
As per Darin Dimitrov request adding my ResetPasswordForUser view:
@using TBS.Models
@model TBS.ViewModels.ResetPasswordForUserViewModel
@{
ViewBag.Title = "Reset Password";
}
@using (Html.BeginForm())
{
@Html.ValidationSummary(true)
<table class="edit-table rounded bordered" style="width: 400px">
<tr>
<td class="label-td">
@Html.LabelFor(m => m.Username)
</td>
<td>
@Html.TextBoxFor(m => m.Username)
@Html.ValidationMessageFor(model => model.Username)
</td>
</tr>
<tr>
<td class="label-td">
@Html.LabelFor(m => m.Password)
</td>
<td>
@Html.Password("Password")
@Html.ValidationMessageFor(model => model.Password)
</td>
</tr>
<tr>
<td colspan="2" style="text-align: center">
<input type="submit" value="Reset" />
</td>
</tr>
</table>
}
Is it possible that the _Layout file used by the ResetPasswordForUser
view is invoking an Action in your Controller (e.g. in a menu?) that hasn't been decorated with AllowAnonymous
?
This would cause this type of behaviour.
这篇关于上使用AllowAnonymous行动ASP.net MVC 4全球授权过滤器强制登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!