AuthorizeAttribute不工作,如果URL具有查询字符串? [英] AuthorizeAttribute not working if URL has query string?
问题描述
在一个ASP.NET MVC3 Web应用程序,一个完整的控制器连接到它的 [授权] 属性。因此,如果用户没有登录或会话过期,他们重定向到登录页面。这是工作......有时。在工程名单中的URL下面正确重定向到登录页面;在不工作名单中的URL,而不是显示IIS 401错误屏幕 - 他们不重定向到登录页面
In an ASP.NET MVC3 web application, an entire controller has an [Authorize] attribute attached to it. So if the user is not logged in or the session expired, they get redirected to the login page. This is working...sometimes. The URLs in the "works" list below correctly redirect to the login page; the URLs in the "does not work" list instead show the IIS 401 error screen - they do not redirect to the login page.
作品
- HTTP://x.y.z/MyController/MyAction
- HTTP://x.y.z/MyController/MyAction/123
- 的http:// XYZ / myController的/ MyAction / 123 X = Y
- http://x.y.z/MyController/MyAction
- http://x.y.z/MyController/MyAction/123
- http://x.y.z/MyController/MyAction/123?X=Y
不起作用
- 的http:// XYZ / myController的/ MyAction / 123 = RETURNURL
- 的http:// XYZ / myController的/ MyAction / 123 = RETURNURL XYZ
- http://x.y.z/MyController/MyAction/123?ReturnUrl=
- http://x.y.z/MyController/MyAction/123?ReturnUrl=XYZ
为 MyAction 操作模型有一个公共字符串RETURNURL {搞定;组; } 在其基类。它也有其他的特性,但添加这些到查询字符串不影响登录重定向。这似乎是只有RETURNURL参数。
The model for the MyAction action has a public string ReturnUrl { get; set; } in its base class. It also has other properties, but adding those to the query string does not affect the login redirection. It seems to be only the ReturnUrl parameter.
我不知道看还有什么成。任何想法,为什么 RETURNURL 参数会带来麻烦?
I'm not sure what else to look into. Any ideas why the ReturnUrl parameters would be causing trouble?
路线
routes.MapRoute("Default-Title-ID", "{Controller}/{Action}/{Title}_{ID}", namespaces);
routes.MapRoute("Default-ID", "{Controller}/{Action}/{ID}", namespaces);
routes.MapRoute("Default", "{Controller}/{Action}", new { Controller = "Home", Action = "Index" }, namespaces);
routes.MapPageRoute("Reports-View", "ViewReport_{ID}", "~/Views/Reports/View.aspx");
工作实例(好吧,不可以的工作,但足以说明问题)。
Working Example (Well, not working, but illustrates the problem.)
在这里下载的解决方案: https://docs.google.com /文件/ D / 0B4o6vqgNLpvbeVo4bVdKZWFMcEE /编辑?USP =共享
Download the solution here: https://docs.google.com/file/d/0B4o6vqgNLpvbeVo4bVdKZWFMcEE/edit?usp=sharing
,然后尝试访问:
- http://your.local.host/Test/TestMe?ReturnUrl= - 你会的不可以被重定向到登录页面
- http://your.local.host/Test/TestMe - 您将被重定向到登录页面。
- http://your.local.host/Test/TestMe?ReturnUrl= - you will not be redirected to the login page.
- http://your.local.host/Test/TestMe - you will be redirected to the login page.
推荐答案
我想张贴此作为一个评论,但我是太长。我需要一个动态的重定向我的应用程序之一,并使用了以下解决方案(它使用调用它,而不是在web.config中的静态URL的控制器)。当你的榜样测试此,它修复该问题。但我想不出为什么。也许它会导致你在正确的道路或者其他人可以澄清一下。
I wanted to post this as a comment, but I is too long. I needed a dynamic redirect for one of my apps, and used the following solution (it uses the controller that called it instead of the static URL in web.config). When testing this with your example, it fixes the issue. But I can not figure out why. Maybe it will lead you to the right path or someone else can clarify.
using System.Web.Mvc;
using System.Web.Routing;
namespace MvcApplication1.App_Start
{
public class LoginRequiredAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (filterContext.Result is HttpUnauthorizedResult)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
{
{ "controller", filterContext.RouteData.Values[ "controller" ] },
{ "action", "Login" },
{ "ReturnUrl", filterContext.HttpContext.Request.RawUrl }
});
}
}
}
}
然后,只需更改为使用新属性的操作:
Then just change the action to use the new attribute:
[LoginRequired]
public ActionResult TestMe()
这篇关于AuthorizeAttribute不工作,如果URL具有查询字符串?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
