Handle Anti forgery errors during logging in while already Logged in? ASP.NET MVC


Problem description

When a user is logged in and goes to the Login page, if he tries to log in again you get an anti-forgery error.

The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.

Another type of error I get is:

The provided anti-forgery token was meant for a different claims-based user than the current user.

How to handle these anti-forgery errors?

Recommended answer

Create an action filter inheriting HandleErrorAttribute, as in the following example. Then you can check the request and handle the error.

using System;
using System.Web.Mvc;
using System.Web.Routing;

public class AntiForgeryHandleErrorAttribute : HandleErrorAttribute
{
    public override void OnException(ExceptionContext context)
    {
        if (context.Exception is HttpAntiForgeryException)
        {
            string url;
            if (!context.HttpContext.User.Identity.IsAuthenticated)
            {
                // Anonymous user posted a stale or invalid token: back to the login form.
                url = GetRedirectUrl(context, "Login");
            }
            else
            {
                // Signed-in user posted a login form whose token was issued for another identity.
                url = GetRedirectUrl(context, "AlreadySignIn");
            }

            // Mark the exception as handled and let MVC execute the redirect.
            // Response.Redirect(url, true) would abort the thread inside the filter.
            context.ExceptionHandled = true;
            context.Result = new RedirectResult(url);
        }
        else
        {
            // Everything else goes through the normal HandleError behaviour.
            base.OnException(context);
        }
    }

    private static string GetRedirectUrl(ExceptionContext context, string action)
    {
        var requestContext = new RequestContext(context.HttpContext, context.RouteData);
        var path = RouteTable.Routes.GetVirtualPath(requestContext, new RouteValueDictionary(new { controller = "User", action = action }));
        if (path == null)
        {
            // No route matches User/<action>: fail with a message that says so.
            throw new InvalidOperationException("No route found for User/" + action + ".");
        }

        return path.VirtualPath;
    }
}

This is my example; remember you have to handle your redirect sections depending on your request and requirements.

Then, on the Login action:

[HttpPost]
[AllowAnonymous]
[AntiForgeryHandleError]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(UserLoginViewModel model, string returnUrl)
{
    //Your code...
}

Edit, in response to a comment

Use another controller / action as AlreadySignIn()

Controller code

public ActionResult AlreadySignIn()
{
    return View();
}

Razor View

@using Microsoft.AspNet.Identity
@{
    ViewBag.Title = "Switch Accounts";
    Layout = "~/Views/Shared/_LayoutLoginRegister.cshtml";
}
<div class="col-md-12">
    <div class="block-flat text-center" style="padding: 20px; margin-bottom: 0; padding-bottom: 0;">

        <i class="glyphicon glyphicon-user"></i>
        <br />
        <label style="padding-bottom: 10px; padding-top: 10px">You're already signed in as <strong>@User.Identity.Name</strong></label>
        <label style="padding-bottom: 5px; padding-top: 5px">@Html.ActionLink("Remain signed in with this account.", "Login", "User", routeValues: null, htmlAttributes: new { id = "loginLink" })</label>
        <label style="padding-bottom: 5px; padding-top: 2px">@Html.ActionLink("Click here to sign out and sign with a different account", "LogOff", "User", routeValues: null, htmlAttributes: new { id = "loginLink" })</label>

    </div>
</div>

Hope this helps.
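A complementary measure, added here as an example and not part of the original answer: keep a signed-in user from ever receiving a login form, and keep the form out of caches, so the mismatched-token POST becomes rare and the filter above is only the fallback (a tab opened before sign-in can still post a stale token). The controller and action names are assumed from the answer; [ValidateAntiForgeryToken] stays on the POST action.

```csharp
// Added example, not part of the original answer.
// Assumed names (taken from the answer): UserController, Login, AlreadySignIn.
using System.Web;
using System.Web.Mvc;

public class UserController : Controller
{
    // GET /User/Login
    [HttpGet]
    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        // The form carries a hidden __RequestVerificationToken bound to the
        // identity that requested it. A cached copy (back button, proxy) would
        // replay a token issued for an earlier identity, so forbid caching.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();

        // A signed-in user gets no login form at all, so they cannot post a
        // token that was generated for a different (or anonymous) user.
        if (User.Identity.IsAuthenticated)
        {
            return RedirectToAction("AlreadySignIn");
        }

        // Only a local return URL is carried into the view.
        ViewBag.ReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : null;
        return View();
    }

    // GET /User/AlreadySignIn
    // Offers "stay signed in" or "sign out" instead of a second login form.
    [HttpGet]
    public ActionResult AlreadySignIn()
    {
        return View();
    }
}
```

With this guard in place, the view's "Remain signed in with this account." link, which targets Login, leads straight back to AlreadySignIn, so it should point at a post-login page instead.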
