Asp.Net的mvc窗体身份验证导致登录URL被调用两次 [英] Asp.Net Mvc forms authentication is causing login url to be called twice

问题描述

我们有一个新的项目，这是非常裸露的骨头的时刻。

We have a new project which is very bare bones at the moment.

我设置窗体身份验证，并有以下几点看法：

I'm setting up forms auth and have the following views:

views/home/index.cshtml
views/logon/index.cshtml

在我的web.config我有以下几点：

in my web.config i have the following:

<authentication mode="Forms">
  <forms loginUrl="~/LogOn/Dev" />
</authentication>

如果启用登录的动作称为两次

If this is enabled the action for login is called twice

如果我注释掉它仅仅被调用一次？

If I comment it out it is only called once?

什么想法？

推荐答案

这是一个有点难以启齿而不操作方法，但如果它看起来像这样...

It is a bit hard to tell without the action method but if it looks something like this...

[AllowAnonymous]
        public ActionResult External()
        {
            var authentication = HttpContext.GetOwinContext().Authentication;
            if (Request.HttpMethod == "POST")
            {
                foreach (var key in Request.Form.AllKeys)
                {
                    if (key.StartsWith("submit.External.") && !string.IsNullOrEmpty(Request.Form.Get(key)))
                    {
                        var authType = key.Substring("submit.External.".Length);
                        authentication.Challenge(authType);
                        return new HttpUnauthorizedResult();
                    }
                }
            }
            var identity = authentication.AuthenticateAsync("External").Result.Identity;
            if (identity != null)
            {
                authentication.SignOut("External");
                authentication.SignIn(
                    new AuthenticationProperties { IsPersistent = true },
                    new ClaimsIdentity(identity.Claims, "Application", identity.NameClaimType, identity.RoleClaimType));
                return Redirect(Request.QueryString["ReturnUrl"]);
            }

            return View();
        }

...然后HttpUnauthorizedResult（）被调用，这个方法查找一个RETURNURL查询字符串键/值对。如果它不通过存在，那么它的周期再​​次，附加当前的URL作为在此一对的第二个运行的值，从而有效地调用方法的两倍。

... then HttpUnauthorizedResult() is called and this method looks for a ReturnUrl query string key/value pair. If it doesn't exist, then it cycles through again, appending the current URL as for the value in this pair on the second run, effectively calling the method twice.

为了避免在查询字符串像这样提供一个有效的RETURNURL键值对...

In order to avoid, supply a valid ReturnUrl key value pair in the query string like this...

<a href="/Account/Login?ReturnUrl=@ViewContext.HttpContext.Request.Url.PathAndQuery">Login to Your App</a>

请注意，关键是区分大小写的。如果您使用RETURNURL例如，该方法将仍然被调用两次。

Note that the key is case sensitive. If you use ReturnURL for example, the method will still be called twice.

这篇关于Asp.Net的mvc窗体身份验证导致登录URL被调用两次的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！