不规律的定义重定向到RETURNURL登录后一个窗体身份验证路径 [英] Defining a forms auth path erratically redirecting to ReturnUrl after logon
问题描述
我在使用窗体身份验证我希望有人能够阐明一些轻很不稳定问题。下面是在web.config中:
I'm having a very erratic problem with forms auth I'm hoping someone can shed some light on. Here's what's in the web.config:
<location path="Admin">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
而对于在auth:
And for the auth:
<authentication mode="Forms">
<forms loginUrl="~/Admin/LogOn.aspx" name="MyAppAdmin" requireSSL="false" path="/Admin" cookieless="UseCookies"/>
</authentication>
还有实施的ValidateUser对凭证库自定义成员提供。该应用程序有一个LoginName控件母版页。
There's also a custom membership provider implementing ValidateUser against a credential repository. The app has a master page with a LoginName control.
什么似乎是发生的是,有时用户成功登录,但在登录页仍,而不是将其重定向到查询字符串中RETURNURL。我们知道,他们已经成功通过身份验证,因为LoginName控件显示自己的身份,他们可以随时浏览切换到其他受保护的内容。
What seems to be happening is that sometimes a user logs on successfully but the logon page remains rather than redirecting them to the ReturnUrl in the query string. We know they've successfully authenticated because the LoginName control shows their identity and they can always browse off to other secured content.
不幸的是,我们无法确定导致这一格局。不同的浏览器,不同的服务器,删除cookie,SSL或无SSL;有没有明显的模式。其中唯一的是的明确的是,从形式节点中删除路径属性问题后不能复制。
Unfortunately we can't identify the pattern which causes this. Different browsers, different servers, removing cookies, SSL or no SSL; there's no discernible pattern. The only thing which is clear is that after removing the "path" attribute from the forms node the problem couldn't be reproduced.
这有什么明显错误与此配置?一个可能的原因有什么想法?显然,路径属性不是必需的,但它是很好的东西隔离开远一点。
Is there anything obviously wrong with this configuration? Any thoughts on a possible cause? Obviously the path attribute isn't essential but it's nice to isolate things a bit further.
推荐答案
所以,我居然发现了点击提交之前,这项权利的答案,但已经把它用于具有对这样的信息的缘故。里克·斯特劳竟在这篇文章钉它;这是一个区分大小写的问题。
So I actually found the answer for this right before clicking the submit but have put it in for the sake of having the info on SO. Rick Strahl actually nailed it in this post; it's a case sensitivity problem.
基本上,如果你打/ admin的它重定向你/Admin/LogOn.aspx?ReturnUrl=%2fadmin%2fdefault.aspx,那么认证后Cookie设置针对定义的路径/管理员(在web.config),那么你重定向到/admin/Default.aspx。为验证所以你环回绕到形式的路径比较是区分大小写,因此你不被识别。
Basically, if you hit "/admin" it redirects you to "/Admin/LogOn.aspx?ReturnUrl=%2fadmin%2fdefault.aspx" then after authentication the cookie is set against the path "/Admin" (defined in the web.config), then you're redirected to "/admin/Default.aspx". The path comparison is case sensitive therefore you're not being identified as authenticated so you're looped back around to the form.
原因我的结果是不稳定的,是由于一些人手动键入管理员和其他输入admin的。我是不是在旁边的家伙这样做的,这一切在电话中听起来就好了。
The reason my results were erratic was due to some people manually typing "Admin" and others typing "admin". I wasn't next the the guys doing this and it all sounded just fine over the phone.
简单的答案;摆脱路径属性。除非你有绝对的信心的情况下也不会改变这太麻烦了。
Simple answer; get rid of the path attribute. It's too much trouble unless you have absolute confidence the case won't change.
这篇关于不规律的定义重定向到RETURNURL登录后一个窗体身份验证路径的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
