在身份验证超时后单击“注销”时,无法找到资源错误

时间:2013-12-31 03:13:08

标签: c# asp.net-mvc asp.net-mvc-4

我使用ASP.NET 4 SimpleMembership提供的默认身份验证方法。我没有在web.config文件中设置身份验证超时,我使用以下代码设置超时:

int timeout = model.RememberMe ? 2880 : 10; // Timeout in minutes, if rememberme is checked it's 2 days else 10 minutes
                    var ticket = new FormsAuthenticationTicket(model.UserName, model.RememberMe, timeout);
                    string encrypted = FormsAuthentication.Encrypt(ticket);
                    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
                    cookie.Expires = System.DateTime.Now.AddMinutes(timeout);
                    cookie.HttpOnly = true; 
                    Response.Cookies.Add(cookie);

一切正常,除了名为_LoginPartial.cshtml的共享视图中的Log off链接,它的代码是:

@if (Request.IsAuthenticated)
{
    <text>
    Hello, @Html.ActionLink(User.Identity.Name, "Manage", "Account", routeValues: null, htmlAttributes: new { title = "Manage" })!
        @using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm" }))
        {
            @Html.AntiForgeryToken()
            <a href="javascript:document.getElementById('logoutForm').submit()">Log off</a>
        }
    </text>
}
else
{
    <ul>
        <li>@Html.ActionLink("Log in", "Login", "Account", routeValues: null, htmlAttributes: new { id = "loginLink" })</li>
    </ul>
}

当超时未发生时,注销工作正常。当身份验证在10分钟后超时以及用户单击“注销”按钮时,用户将被重定向到带有URL的“登录”页面

http://localhost:11408/Account/Login?ReturnUrl=%2fAccount%2fLogOff

用户登录后,会重定向到网址:

http://localhost:11408/Account/LogOff

发生以下错误:

Server Error in '/' Application.

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly. 

Requested URL: /Account/LogOff

我是ASP.NET MVC的新手,我不知道如何处理它。以下是我的路线配置:

public class RouteConfig
    {
        public static void RegisterRoutes(RouteCollection routes)
        {
            routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

            routes.MapRoute(
                name: "Default",
                url: "{controller}/{action}/{id}",
                defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
            );
        }
    }

我该如何解决这个问题? :o

1 个答案:

答案 0 :(得分:3)

问题是LogOff没有实际页面 - 它只是一个服务器端方法。所以你永远不应该从Login方法重定向。您可以通过更改Login方法来修复此问题,以包含检查以确保在超时到期后永远不会无意中调用LogOff方法。

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
        {
            if (returnUrl != null && returnUrl.ToLowerInvariant().StartsWith("/account/logoff"))
            {
                return RedirectToLocal("/Account"); // Redirect to your default account page
            }
            return RedirectToLocal(returnUrl);
        }

        // If we got this far, something failed, redisplay form
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View(model);
    }
相关问题
最新问题