未经授权的请求不会重定向与RETURNURL查询字符串参数到登录页面 [英] Unauthorized request does not redirect to login page with returnUrl query string parameter
问题描述
在我MVC3应用程序,MembersController装饰着[授权]属性。
In my MVC3 app, MembersController is decorated with an [Authorize] attribute.
MembersController有一个名为我的页面的动作。由于授权控制器上的属性,我的编目只能由授权的用户要求。
MembersController has an Action called MyPage. Due to the Authorize attribute on the controller, MyPage can only be requested by authorized users.
当非授权用户试图请求/成员/我的页面它们被正确地重定向到登录页面。
When an unauthorized user tries to request /Members/MyPage they are correctly redirected to the Login page.
不过,RETURNURL参数不传递到登录页面,因此当用户进行身份验证,他们采取默认页面(可以称之为/成员/主页),而不是/成员/我的页面。
However, the ReturnUrl parameter is not passed into the login page, so when the user authenticates, they are taken to the default page (lets call it /Members/Home) instead of /Members/MyPage.
为什么?!
在另一个应用程序,在MVC2发达,RETURNURL QS参数是存在的,按预期工作。
In another app, developed in MVC2, the returnUrl QS parameters is there and works as expected.
装饰两个控制器和行动时,Autorize属性被忽略。
The Autorize attribute is being ignored when decorating both controllers and actions.
web.config中的部分不能正常.NET 3.5和.NET 4之间更新,请参见下面的答案。
Sections of web.config not properly updated between .NET 3.5 and .NET 4. See answers below.
推荐答案
@Marcind把我在正确的轨道上,@Darin季米特洛夫的回答很有启发所涉及的过程。
@Marcind put me on the right track, @Darin Dimitrov's answer very instructive of the process involved.
看来,问题涉及到合并现有的Web窗体.NET 3.5的应用程序到.NET 4.0的应用程序时,我没有正确更新web.config文件。我不记得我是怎么了这一点。
It seems that the issue was related to a web.config that I did not update properly when merging an existing Web Forms .NET 3.5 app to a .NET 4.0 app. I can't recall how I went about this.
总之,通过比较我与一个新的MVC 3 web.config文件的应用程序的web.config中,我能找到额外的位,不应该一直存在,从3.5遗留下来的。
Anyway, by comparing the web.config of my app with a new MVC 3 web.config, I was able to find the extra bits that should not have been there, left over from 3.5 days.
这个问题是通过纠正在&lt位解决形式GT;标签在web.config中,以及在<&籍GT;标签。
The issue was resolved by correcting the bits in the <authentication><forms> tag in the web.config, as well as the <membership> tag.
造成本的另一个问题是,如果我的装饰与授权属性的控制器,它被忽略这一事实,因此该控制器试图基于当前用户来处理信息,这显然为空,因此,异常的所有方式均被解雇了。
Another issue caused by this was the fact that if I decorated a controller with the Authorize attribute, it was ignored, so the controller tried to process info based on the current user, that obviously was null, so all manner of exceptions were fired.
这篇关于未经授权的请求不会重定向与RETURNURL查询字符串参数到登录页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
