UseStatusCodePagesWithReExecute is not working for forbidden (403)
Problem description
When I specify 404 as an HTTP result code, UseStatusCodePagesWithReExecute is working as expected.
When I specify 403 as an HTTP result code, UseStatusCodePagesWithReExecute is not working as expected. Somehow it works as if I had specified UseStatusCodePagesWithRedirects.
I need the behaviour of UseStatusCodePagesWithReExecute for all status codes in the range 400-600, including 403.
Configuration code:
public IServiceProvider ConfigureServices(IServiceCollection services)
{
    //...
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
        {
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
            options.Cookie.SameSite = SameSiteMode.None;
            options.AccessDeniedPath = new PathString("/error/403/");
            options.LoginPath = "/account/signinrouter/";
        });
    //...
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, IServiceProvider serviceProvider)
{
    //...
    app.UseStatusCodePagesWithReExecute("/error/{0}");
    //...
}
Action code:
public IActionResult NotFound()
{
    return base.NotFound();
}
public IActionResult Forbidden()
{
    return base.Forbid();
}
Recommended answer
Thanks to @Kirk
Adding this code to AddCookie does the trick.
options.Events.OnRedirectToAccessDenied = context =>
{
    context.Response.StatusCode = 403;
    return Task.CompletedTask;
};
This is the original event handler method. I don't care about the Location header, so I have omitted the related code; you may not want to.
public Func<RedirectContext<CookieAuthenticationOptions>, Task> OnRedirectToAccessDenied { get; set; } = (Func<RedirectContext<CookieAuthenticationOptions>, Task>) (context =>
{
    if (CookieAuthenticationEvents.IsAjaxRequest(context.Request))
    {
        context.Response.Headers["Location"] = (StringValues) context.RedirectUri;
        context.Response.StatusCode = 403;
    }
    else
        context.Response.Redirect(context.RedirectUri);
    return Task.CompletedTask;
});
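The answer's handler, kept together with the Location header that the original handler sets for AJAX callers, plus the endpoint the re-execute lands on. This is an added example, not code from the original post: it assumes an ASP.NET Core 2.x MVC Startup, and the ErrorController, its route and the X-Requested-With header test (a stand-in for the framework's private IsAjaxRequest) are illustrative.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.AccessDeniedPath = "/error/403/";
                // The default handler answers Forbid() with a 302 to AccessDeniedPath,
                // so the status code pages middleware never sees a 403.
                options.Events.OnRedirectToAccessDenied = context =>
                {
                    // Assumed AJAX test: keep the header the default handler sets.
                    if (context.Request.Headers["X-Requested-With"] == "XMLHttpRequest")
                        context.Response.Headers["Location"] = context.RedirectUri;
                    context.Response.StatusCode = StatusCodes.Status403Forbidden;
                    return Task.CompletedTask;
                };
            });
    }
    public void Configure(IApplicationBuilder app)
    {
        // Registered ahead of MVC so it wraps the 403 written during Forbid().
        app.UseStatusCodePagesWithReExecute("/error/{0}");
        app.UseAuthentication();
        app.UseMvc();
    }
}

public class ErrorController : Controller
{
    [Route("/error/{code:int}")]
    public IActionResult Index(int code)
    {
        // The feature is only present when the middleware re-executed the request.
        var reExecute = HttpContext.Features.Get<IStatusCodeReExecuteFeature>();
        if (reExecute == null) return NotFound(); // requested directly
        return Content($"Error {code}", "text/plain"); // status code stays as set upstream
    }
}
```

Because the action does not set a status code itself, the client receives the error body with the original 403 and the requested URL unchanged, instead of a 302 followed by a 200.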