UseStatusCodePagesWithReExecute不适用于禁止(403) [英] UseStatusCodePagesWithReExecute is not working for forbidden (403)

查看：245 发布时间：2020/9/8 22:33:35 c# asp.net-core error-handling

本文介绍了UseStatusCodePagesWithReExecute不适用于禁止(403)的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

当我将404指定为http结果代码时，UseStatusCodePagesWithReExecute工作正常.

When I specify 404 as a http result code, UseStatusCodePagesWithReExecute is working like expected.

当我将403指定为http结果代码时，UseStatusCodePagesWithReExecute无法正常工作.就像我指定了UseStatusCodePagesWithRedirects一样.

When I specify 403 as a http result code, UseStatusCodePagesWithReExecute is not working like expected. Somehow it works like I have specified UseStatusCodePagesWithRedirects.

对于400-600(包括403)范围内的所有状态代码，我都需要UseStatusCodePagesWithReExecute的行为.

I need the behaviour of UseStatusCodePagesWithReExecute for all status codes in range of 400-600, including 403.

配置代码:

public IServiceProvider ConfigureServices(IServiceCollection services)
{
    //...
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
            {
                options.Cookie.HttpOnly = true;
                options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                options.Cookie.SameSite = SameSiteMode.None;
                options.AccessDeniedPath = new PathString("/error/403/");
                options.LoginPath = "/account/signinrouter/";
            });
    //...
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, IServiceProvider serviceProvider)
{
    //...
    app.UseStatusCodePagesWithReExecute("/error/{0}");
    //...
}

操作代码:

public IActionResult NotFound()
{
    return base.NotFound();
}

public IActionResult Forbidden()
{
    return base.Forbid();
}

推荐答案

感谢@Kirk

将此代码添加到AddCookie即可达到目的.

Adding this code to AddCookie does the trick.

options.Events.OnRedirectToAccessDenied = context =>
{
    context.Response.StatusCode = 403;

    return Task.CompletedTask;
};

这是原始的事件处理程序方法，我不在乎Location标头，因此我省略了相关代码，您可能不想这样做.

This is the original event handler method, I don't care the Location header, so I have omitted the related code, you may not want to.

public Func<RedirectContext<CookieAuthenticationOptions>, Task> OnRedirectToAccessDenied { get; set; } = (Func<RedirectContext<CookieAuthenticationOptions>, Task>) (context =>
{
    if (CookieAuthenticationEvents.IsAjaxRequest(context.Request))
    {
    context.Response.Headers["Location"] = (StringValues) context.RedirectUri;
    context.Response.StatusCode = 403;
    }
    else
    context.Response.Redirect(context.RedirectUri);
    return Task.CompletedTask;
});

这篇关于UseStatusCodePagesWithReExecute不适用于禁止(403)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

UseStatusCodePagesWithReExecute不适用于禁止(403) [英] UseStatusCodePagesWithReExecute is not working for forbidden (403)

问题描述

推荐答案

相关文章

C#/.NET最新文章

热门教程

热门工具

登录关闭

UseStatusCodePagesWithReExecute不适用于禁止(403) [英] UseStatusCodePagesWithReExecute is not working for forbidden (403)

问题描述

推荐答案

相关文章

C#/.NET最新文章

热门教程

热门工具

登录 关闭

登录关闭