表单身份验证和XmlDocument.Load [英] Form Authentication and XmlDocument.Load
问题描述
我正在使用c#运行asp.net Web应用程序.使用以下内容: -Windows 2003服务器 -IIS6.0 -.net Framework 2.0.50727
I'm running an asp.net web application with c#. The following is used: - Windows 2003 server - IIS6.0 - .net Framework 2.0.50727
我正在尝试实现表单身份验证,并在Web.Config文件中输入了以下代码:
I'm trying to implement Forms Authentication and have entered the following code in the Web.Config file:
<authentication mode="Forms">
<forms loginUrl="01_Login.aspx"
name=".ASPXFORMSAUTH"
defaultUrl="02_PendingDoc.aspx"
timeout="120"
path="/"
protection="All"
enableCrossAppRedirects="true">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
登录按预期方式工作,除非用户使用有效的用户名和密码登录,否则用户将无法访问01_Login.aspx以外的任何页面.当用户提供正确的登录详细信息时,将执行以下代码:
The login is working as expected, the users can't access any pages other than the 01_Login.aspx until they logged in with a valid username and password. When the user provides the correct login details the following code is done:
FormsAuthentication.RedirectFromLoginPage(logLogin.UserName, false);
但是,当用户单击按钮时,将运行以下代码:
However, when the user clicks on a button the following code is run:
//Load xml file into XMLDocument object
XmlDocument xmlDoc = new XmlDocument();
try
{
xmlDoc.Load("SearchConfig.xml");
}
catch (XmlException e)
{
Console.WriteLine(e.Message);
}
上面的xmlDoc.Load函数将失败,并创建XmlException并显示以下消息"{".未找到预期的DTD标记.第5行,位置3.}".我还试图注释掉Web.Config文件的以下部分:
The xmlDoc.Load function above will fail and create an XmlException with the following message "{"Expected DTD markup was not found. Line 5, position 3."}". I have also tried to comment out the following part of the Web.Config file:
<deny users="?"/>
然后xmlDoc.Load函数起作用,但是,当然,用户可以访问我的所有应用程序页面.
And then the xmlDoc.Load function works, but of course, then the users can access all of my applications pages.
有人知道我做错了什么吗?
Anyone, that have any idea what I've done wrong?
推荐答案
如果您使用的是表单身份验证,即使您已经登录,xmlDocument也会先进入登录页面.此页面不是XML文件.因此,例外.我看到一个建议可以解决这个问题:
if you are using forms authentication, even if you are already logged in, xmlDocument is going to the loging page first. This page is not an XML file. Hence the exception. I saw a suggestion that this could work:
void Main()
{
XmlUrlResolver resolver = new XmlUrlResolver();
resolver.Credentials = CredentialCache.DefaultCredentials;
var x = new XmlDocument();
x.XmlResolver = resolver;
x.Load("https://yourUrl");
}
这听起来像是一个很好的建议,但我无法使它正常工作.我将尝试使用Web请求来获取xml.因为当我使用Web浏览器时,返回了xml,而无需通过表单身份验证再次登录.
It sounds like a good advice but i could not get it work. I will try to get the xml using a web request instead. Because when I use a web browser, the xml is returned without needing to log on again through forms authentication.
最后找到了解决方案.正如我所解释的,这是由于使用了表单身份验证.我在想,一旦建立HTTPS,来自应用程序的所有通信都会自动获得授权.但是,对后端应用程序的调用需要身份验证.这就是为什么我没有得到xml而是得到一个html页面即登录页面的原因.我设法通过添加身份验证cookie来绕过表单身份验证:
Finally found the solution. As I explained this is due to using forms authentication. I was thinking once HTTPS is established all communication from the application will have authorization automatically. However, calls to back-end applications require authentication. That is why instead of getting back the xml I was getting an html page which is the login page. I managed to bypass the forms authentication by adding the authentication cookie as below:
var httpCookie = FormsAuthentication.GetAuthCookie(context.User.Identity.Name, false);
var cookie = new Cookie(httpCookie.Name, httpCookie.Value, httpCookie.Path, HttpContext.Current.Request.Url.Host);
var rq = (HttpWebRequest) WebRequest.Create(url);
rq.CookieContainer = new CookieContainer();
rq.CookieContainer.Add(cookie);
var rs = (HttpWebResponse) rq.GetResponse();
var strm = rs.GetResponseStream();
var rdr = new StreamReader(strm);
var str = rdr.ReadToEnd();
var userDetails = new XmlDocument();
userDetails.LoadXml(str);
这篇关于表单身份验证和XmlDocument.Load的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
