我正在开发一个新的ASP.NET应用程序。在IIS8上,如果我禁用匿名访问并启用基本或Windows身份验证,它将进入无限重定向循环并在浏览器中断循环后登陆以下URL:
https://XXXXXX.com/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252F
凭据框永远不会弹出。可能有什么不对?
答案 0 :(得分:17)
我修好了。首先要做的是在IIS和Visual Studio项目上启用Windows auth并禁用匿名(在解决方案资源管理器和属性窗口中选择根项目节点以禁用匿名访问并启用Windows身份验证)。接下来,将以下行添加到web.config:
<system.webServer>
<modules>
<remove name="FormsAuthenticationModule" />
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
接下来打开App_Start / Startup.Auth.cs并注释掉(或删除)以下内容:
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
// Use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
接下来,发布到您的网络服务器,您应该能够在没有该重定向错误的情况下登录!
答案 1 :(得分:3)
通过禁用匿名访问,不允许首先通过身份验证查看使login成为{{1}}的页面。
因此系统尝试通过在登录页面上重定向来验证用户,但由于不能允许登录页面,因此可以在此循环中感受到。
答案 2 :(得分:0)
可以在您的machine.config文件中或您的全局web.config中,使用此URL作为身份验证页面启用表单身份验证。
答案 3 :(得分:0)
检查&#34;空闲时间&#34; IIS应用程序池中的小步骤,高级设置。如果它不超过系统会话超时,则将其设置为更多的数字。
例如,如果您将会话超时值设置为30,则使&#34;空闲超时&#34; IIS应用程序池中的小步骤超过30+。 默认&#34;空闲时间&#34; IIS应用程序池中的minuets通常为20。
答案 4 :(得分:0)
我遇到了同样的问题,但我只是通过在登录控制器之前添加[AllowAnonymous]来修复它。它可能对每个人都不起作用,但也许就是这样。