在没有 MVC 的情况下使用路由:身份验证表单 [英] Using Routing without MVC: authentication form

问题描述

现在我正在尝试使用 System.Web.Routing.一切都很好，但我无法理解如何使表单身份验证与 url 路由(返回 url、重定向等)一起工作.谷歌什么也没说.帮助！:)

Now I'm trying to work with System.Web.Routing. All is just fine, but I can't understand how to make form authentication work with url routing (return url, redirection, etc). Google says nothing. Help! :)

UPD:我忘了 - 我不使用 MVC.那就是问题所在.如何在没有MVC的情况下使用rounig和表单身份验证

UPD: I forgot - I don't use MVC. That's the problem. How to use rounig and form authentication without MVC

UPD2:更多关于我的问题
我想得到什么:使用路由的mysite.com/content/123"、mysite.com/login/"等网址.使登录页面像常规"ASP.NET 登录表单一样工作很重要(未登录时从安全区域重定向登录，登录时重定向回安全区域).
这就是我正在做的.
在 Application_Start 上的 global.asax 中，像这样注册路由:

UPD2: more about my problem
What I want to get: urls such "mysite.com/content/123", "mysite.com/login/", etc using Routes. It’s important to make login page works like "regular" ASP.NET login form (redirects to login from secure area when not login on, and redirect back to secure area when loggined).
That’s what I’m doing.
In global.asax on Application_Start, register routes like this:

routes.Add("LoginPageRoute", new Route("login/", new CustomRouteHandler("~/login.aspx")));
routes.Add("ContentRoute", new Route("content/{id}", new ContentRoute("~/content.aspx"))
{
    Constraints = new RouteValueDictionary {{ "id", @"d+" }}
});

Where CustomRouteHandler 和 ContentRoute - 简单的 IRouteHandler 类，就像:...

Where CustomRouteHandler and ContentRoute – simple IRouteHandler classes, just like: ...

public IHttpHandler GetHttpHandler(RequestContext requestContext)
{
    var page = BuildManager.CreateInstanceFromVirtualPath(VirtualPath, typeof(Page)) as IHttpHandler;
    return page;
}

...

一切似乎都很完美:当转到 /content/10" 和 login.aspx 时，我得到了 content.aspx当去/login/".但是……
当我保护内容时(在 web.config 中，使用 deny="?")，登录表单无法正常工作.
现在我无法访问/content/10"页面:

0. 我正在浏览器中输入 /content/10".
1. 网站重定向到 /login/?ReturnUrl=%2fcontent%2f10".(嗯……似乎所有的问题都从这里开始，对吗?:)
2.我正在尝试登录.无论我输入了什么凭据......
3. …网站将我重定向到 login?ReturnUrl=%2fContent%2f10"(黄色错误屏幕 - 访问被拒绝.code> 描述:访问服务此请求所需的资源时出错.服务器可能未配置为访问请求的 URL.)
所以，问题是如何让 ASP.NET 理解真正的 ReturnUrl 并在登录后提供重定向.

All seems to be perfect: I’m getting content.aspx when go to "/content/10" and login.aspx when go to "/login/". But…
When I make content secured (in web.config, with deny="?"), login form doesn’t work like expected.
Now I can’t reach the "/content/10" page:

0. I’m typing "/content/10" in my browser.
1. Site redirects to "/login/?ReturnUrl=%2fcontent%2f10". (Hm… seems like all problems starts here, right? :)
2. I’m trying to log in. No matter what credentials I’m entered…
3. …site redirects me to "login?ReturnUrl=%2fContent%2f10" (yellow screen of error - Access is denied. Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.)
So, the problem is how to get ASP.NET understand real ReturnUrl and provide redirection after login.

推荐答案

这些步骤应该允许您实现所需的行为.
总结一下:

These steps should allow you to implement the required behaviour.
To summarize:

1. 您使用的是路由而不是 MVC.我的示例将像 http://host/Mysite/userid/12345 这样的 url 映射到真实页面上在 http://host/Mysite/Pages/users.aspx?userid=12345.
2. 您想控制对这些地址的访问，要求用户登录.我的示例有一个带有标准登录控件的页面 http://host/Mysite/login.aspx，并且站点配置为使用表单身份验证.

1. You are using routing but not MVC. My example will map a url like http://host/Mysite/userid/12345 onto a real page at http://host/Mysite/Pages/users.aspx?userid=12345.
2. You want to control access to these addresses, requiring the user to logon. My example has a page http://host/Mysite/login.aspx with a standard login control, and the site is configured to use forms authentication.

步骤 1

我在 Pages 文件夹中使用这个 web.config 隐藏"了 Pages 文件夹的内容:

Step 1

I've "hidden" the contents of the Pages folder using this web.config in the Pages folder:

  <?xml version="1.0"?>
  <configuration>
    <system.web>
      <httpHandlers>
        <add path="*" verb="*"
            type="System.Web.HttpNotFoundHandler"/>
      </httpHandlers>
      <pages validateRequest="false">
      </pages>
    </system.web>
    <system.webServer>
      <validation validateIntegratedModeConfiguration="false"/>
      <handlers>
        <remove name="BlockViewHandler"/>
        <add name="BlockViewHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler"/>
      </handlers>
    </system.webServer>
  </configuration>  

这确保如果有人使用像 http://host/Mysite/Pages/users.aspx?userid=12345，然后他们会收到标准的 404 响应.

This ensures that if anyone uses a url like http://host/Mysite/Pages/users.aspx?userid=12345, then they receive a standard 404 response.

我的顶级 web.config 文件包含(以及所有标准内容)这个位置元素:

My top level web.config file contains (as well as all the standard stuff) this location element:

  <location path="userid">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

这可以防止匿名访问 http://host/Mysite/userid/12345 这意味着用户将被自动重定向到 login.aspx，然后如果他们提供有效的凭据，他们将被重定向到正确的位置.

This prevents anonymous access to urls of the form http://host/Mysite/userid/12345 which means users will be automatically redirected to login.aspx, then if they provide valid credentials, they will be redirected to the correct location.

这里是我的 global.asax 供参考:

For reference here is my global.asax:

<script RunAt="server">

    void Application_Start(object sender, EventArgs e)
    {
        // Code that runs on application startup
        RegisterRoutes(RouteTable.Routes);
     }

    public static void RegisterRoutes(RouteCollection routes)
    {
        routes.RouteExistingFiles = true;
        routes.Add("UseridRoute", new Route
        (
           "userid/{userid}",
           new CustomRouteHandler("~/Pages/users.aspx")
        ));
    }

</script>

这是我的路由处理程序:

And here is my route handler:

using System.Web.Compilation;
using System.Web.UI;
using System.Web;
using System.Web.Routing;
using System.Security;
using System.Web.Security;


public interface IRoutablePage
{
    RequestContext RequestContext { set; }
}

public class CustomRouteHandler : IRouteHandler
{
    public CustomRouteHandler(string virtualPath)
    {
        this.VirtualPath = virtualPath;
    }

    public string VirtualPath { get; private set; }

    public IHttpHandler GetHttpHandler(RequestContext
          requestContext)
    {
        var page = BuildManager.CreateInstanceFromVirtualPath
             (VirtualPath, typeof(Page)) as IHttpHandler;

        if (page != null)
        {
            var routablePage = page as IRoutablePage;

            if (routablePage != null) routablePage.RequestContext = requestContext;
        }

        return page;
    }
}

这篇关于在没有 MVC 的情况下使用路由:身份验证表单的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！