如何重定向后保持一个参数的URL来的Login.aspx [英] How to keep a parameter from url after redirect to login.aspx
问题描述
我有以下途径:
{语言} / {}控制器.mvc / {行动} / {ID}
一旦用户已经choosen的语言,然后它被保持在路由值语言
HTTP://localhost%3A4000/de/Account.mvc/Register
我有一个问题,如果用户点击需要auhtorization的页面。然后,他IST重定向到的http://localhost%3A4000/Account.mvc/Login?ReturnUrl=%2fde%2fAccount.mvc%2fProfileData
的登录页面web.config中配置并不允许从路线的参数。登录后的页面就可以了(的http://localhost%3A4000/de/Account.mvc/ProfileData ),但在登录页面本身没有路由值的语言。
我该如何解决这个问题?
修改
我用达林的答案,但必须包括所有从原来的授权过滤器(AuthorizeAttribute.cs)在code。其原因是在该文件中。它处理,其中未经授权的用户可能会从缓存安全网页的情况。
下面是在code注释:
// **重要**
//由于我们在行动层面进行授权,授权code运行
//输出缓存模块之后。在最坏的情况下,这可能允许被授权的用户
//导致缓存网页,然后未经授权的用户以后将被送达
//缓存页面。我们解决此告诉代理服务器不缓存敏感的页面,
//然后我们钩住我们的自定义授权code到缓存机制,使我们有
//是否页应该从缓存中提供说了算。
与窗体身份验证的问题是,你不能有一个动态配置的登录URL。这只是顺便ASP.NET团队设计的框架。在某一时刻FormsAuthentication.RedirectToLoginPage方法将被调用,这将只是重定向到web.config中的硬codeD网址。
我可以看到两个可能的解决方法:
- 请不要专卖店语言的网址,但在Cookie
- 编写重定向到一个动态构建登录页面,如果用户没有通过验证自定义ActionFilter
下面是一个使用自定义属性的例子:
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class,继承= TRUE,的AllowMultiple = TRUE)]
公共类RequiresAuthenticationAttribute:FilterAttribute,个IAuthorizationFilter
{
公共无效OnAuthorization(AuthorizationContext filterContext)
{
IPrincipal的用户= filterContext.HttpContext.User;
如果(!user.Identity.IsAuthenticated)
{
filterContext.Result =新RedirectResult(在这里计算你的登录URL FROM ROUTES);
}
}
}
I have the following route:
{language}/{controller}.mvc/{action}/{id}
Once a user has choosen the language it is then maintained in the route-value language.
http://localhost%3A4000/de/Account.mvc/Register
I have a problem if a user hits a page that needs auhtorization. He ist then redirected to http://localhost%3A4000/Account.mvc/Login?ReturnUrl=%2fde%2fAccount.mvc%2fProfileData
The login page is configured in web.config and does not allow for a parameter from the route. The page after login is ok (http://localhost%3A4000/de/Account.mvc/ProfileData) but the login-page itself has no route-value language.
How can I fix this?
EDIT
I used the answer of Darin, but had to include all the code from the original Authorize filter (AuthorizeAttribute.cs). The reason is documented in that file. It handles the case where an unauthorized user might get a secured page from the cache.
Here is the comment in the code:
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
The problem with forms authentication is that you cannot have a dynamically configured login url. That's just the way ASP.NET team designed the framework. At some moment FormsAuthentication.RedirectToLoginPage method will be called which will just redirect to the hardcoded url in web.config.
I can see two possible workarounds:
- Don't store language in the url but in a cookie
- Write a custom ActionFilter that redirects to a dynamically constructed login page if user is not authenticated
Here's an example using a custom attribute:
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class RequiresAuthenticationAttribute : FilterAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext filterContext)
{
IPrincipal user = filterContext.HttpContext.User;
if (!user.Identity.IsAuthenticated)
{
filterContext.Result = new RedirectResult("CALCULATE YOUR LOGIN URL HERE FROM ROUTES");
}
}
}
这篇关于如何重定向后保持一个参数的URL来的Login.aspx的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
