ASP.NET Login Redirect Loop when user not in role


Problem description

I'm in a bit of a bind with implementing Roles in ASP.NET MVC 5. I am attempting to log in as a user that does not have a role required to access the area of the application I'm trying to reach. What I would expect in this scenario is, I'm redirected to the login page again, and will be until I enter a set of credentials that do have access or I navigate to another area of the application.

What is actually happening is that the application appears to go into a login redirect loop; debugging through reveals that the Login action is being called multiple times.

Here is the login action:

[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
    ViewBag.ReturnUrl = returnUrl;
    return View();
}

This results in an error generated by IIS:

HTTP Error 404.15 - Not Found
The request filtering module is configured to deny a request where the query string is too long.

The query string looks like this:

http://localhost/MyApplication/Account/Login?ReturnUrl=%2FMyApplication%2FAccount%2FLogin%3FReturnUrl%3D%252FMyApplication%252FAccount%252FLogin%253FReturnUrl%253D%25252FMyApplication%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FMyApplication%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FMyApplication%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FMyApplication%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FMyApplication%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FMyApplication%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FMyApplication%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FMyApplication%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FMyApplication%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FMyApplication%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FMyApplication%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FMyApplication%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FMyApplication%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FMyApplication%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FRet
urnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FMyApplication%252525252525252525252525252525252F

The only change I've made going from a working solution (albeit without role based authorization) to my current broken situation is adding the following above the controller that I'm redirected to on a successful login:

[Authorize(Roles = "Staff")]

As I said previously, the user I'm logging in as is not in this role, but I would expect a sane, single redirect to Login, without the looping.

Edit: requested by @dima, the details of authorization applied through filters... I have the following:

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new AuthorizeAttribute());
    }
}

However, I have tested the application with and without this line in place and the redirect loop continues unabated.

Solution

While this question is old, I had the same problem and found a solution.

Originally, I had added the same AuthorizationAttribute filter, and found myself in the same loop. I then took it away and began adding the authorize attribute to individual controllers, and found that the infinite loop only happened when adding the authorize attribute to my home controller. It turns out my HomeController was getting called after my AccountController.

The Problem


In my _Layout.cshtml, I was calling the following:

@Html.Action("LeftNav", "Home")

The layout page would correctly render the body, but when it got to this, it was hitting a controller method that had an authorization attribute. This caused the redirect to the Account/Login.

Adding the AllowAnonymous attribute to the LeftNav action resolved the issue.

The Solution


Make sure your Login view and layouts do not call any actions that have an authorize attribute.

Since discovering this, I've created a custom layout for my unauthorized requests to avoid any more potential issues like this.
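
The following is an added example, not code from the original question or answer. It shows the `LeftNav` fix described above and goes one step further by returning 403 to a signed-in user who lacks the role, so that case never reaches the login redirect. The attribute name `RoleAuthorizeAttribute`, the `Index` action and the contents of the `LeftNav` partial view are assumptions.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical attribute name; not from the original post.
public class RoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        if (user != null && user.Identity.IsAuthenticated)
        {
            // Signed in but missing the role: answer 403 instead of the default 401,
            // which the login redirect would turn into another trip to Account/Login.
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
            return;
        }

        // Anonymous caller: keep the default 401 so the login redirect happens once.
        base.HandleUnauthorizedRequest(filterContext);
    }
}

[RoleAuthorize(Roles = "Staff")]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        return View();
    }

    // Rendered from _Layout.cshtml via @Html.Action("LeftNav", "Home"), so it also runs
    // while the Login view is being rendered for a user who is not signed in.
    [AllowAnonymous]
    [ChildActionOnly] // cannot be requested directly by URL
    public ActionResult LeftNav()
    {
        // Build only links that are safe for anonymous users here; check
        // User.IsInRole("Staff") before adding role-specific entries.
        return PartialView();
    }
}
```

Because `LeftNav` is now reachable without authentication, anything it renders should be treated as public; the role check on the real pages still comes from the controller-level attribute.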
