ASP.NET应用程序中的登录页面拒绝FormsAuthentication访问 [英] Login Page in ASP.NET application with FormsAuthentication access denied

问题描述

我正在运行一个Web应用程序，需要用户登录.Webconfig:

I've got a webapp running that needs users to login. Webconfig:

    <!--Logging in stuff-->
    <authentication mode="Forms">
        <forms loginUrl="login.aspx" timeout="2880"/>
    </authentication>
    <authorization>
        <deny users="?"/>
    </authorization>

然后在login.aspx页面(仔细检查名称)中，使用我自己的数据库验证了用户凭据后，我将具有以下逻辑:

And in the login.aspx page (doubled checked the name) I have the following logic after verifying the user credentials using my own database:

    if (checkCredentials.searchCredentials(attemptedName, passwordBox.Text) != null)
            {
                FormsAuthentication.RedirectFromLoginPage(attemptedName,false);
            }

我知道if语句可以正常工作，就像我以前登录时使用的方法一样.

I know the if statement works, as it did with a previous method I used for logging in.

但是，当我运行该应用程序时，登录页面会立即打开，错误401.2.帮助将不胜感激:)

However, when I run the application, the login page opens up immediately with error 401.2. Help would be much appreciated :)

推荐答案

我要发布另一个答案，因为这涉及使用Visual Studio 2017和表单身份验证的典型问题，并且是我以前的答案的替代方法.

I am posting another answer since this deals with the typical problem of using Visual Studio 2017 with forms authentication, and is an alternate to my previous answer.

Visual Studio 2017将自动将名为 Microsoft.AspNet.FriendlyUrls 的NuGet包添加到您的网站或Web应用程序项目.由于使用了该软件包，因此无法进行表单身份验证，甚至登录页面也无法呈现多次.

Visual Studio 2017 will automatically add a NuGet package called Microsoft.AspNet.FriendlyUrls to your website or web app project. Because of this package, forms authentication will not work and even the login page will not render many times.

• 我上一个答案中解释的解决方案是删除此问题打包或注释global.asax中Application_Start事件中的行表示 RouteConfig.RegisterRoutes(RouteTable.Routes); .如果您使用此方法，则您的网站将失去friendlyUrls的优势.

• 但是，下面的两个不同的配置中提到了第三个解决方案.您可以使用它们中的任何一个.

• The solution explained in my previous answer is to remove this package or comment the line in Application_Start event in global.asax that says RouteConfig.RegisterRoutes(RouteTable.Routes);. Your website will lose the benefits of friendlyUrls if you use this approach.

• But, there is a third solution that is mentioned in two different CONFIGURATIONS below; you can use either of them.

• 配置1从登录名和defaultUrl中删除aspx扩展名
  值.

• CONFIGURATION 1 removes the aspx extension from login and defaultUrl
  values.

配置2保留了aspx扩展名，但添加了特殊访问权限对应于login.aspx的freindlyurl的权限.

CONFIGURATION 2 keeps the aspx extensions but adds special access permissions for freindlyurl corresponding to login.aspx.

(访问权限中的?表示所有未经身份验证的用户， * 表示所有用户，即经过身份验证的用户和未经身份验证的用户)

(? in access permission means all unauthenticated users and * means all users i.e. authenticated + unauthenticated users)

注意:我已经尝试并测试了此解决方案.

NOTE: I have tried and tested this solution.

使用Friendly Urls时用于表单身份验证配置的CONFIGURATION 1

<authentication mode="Forms">
<forms loginUrl="login" defaultUrl="home" 
   slidingExpiration="true" timeout="20" name=".Auth" protection="All">
</forms>
</authentication>

使用Friendly Urls时用于表单身份验证配置的CONFIGURATION 2

<system.web>
<!--keep the aspx extensions for login and default pages-->
<authentication mode="Forms">
    <forms loginUrl="login.aspx" defaultUrl="home.aspx" 
       slidingExpiration="true" timeout="20" name=".Auth" protection="All">
    </forms>
    </authentication>
</system.web>

<!-- add access permissions for friendly url corresponding to login.aspx-->
<location path="login">
        <system.web>
            <authorization>
                <allow users="?" />
                <deny users="*" />
            </authorization>
        </system.web>
    </location>
</configuration>

这篇关于ASP.NET应用程序中的登录页面拒绝FormsAuthentication访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！