我在ASP.NET MVC 5中实现角色有点绑定。我试图以没有访问应用程序区域所需角色的用户身份登录I&#39 ;我试图达到。我在这种情况下的期望是,我再次被重定向到登录页面,直到我输入一组有权访问的凭据或我导航到应用程序的另一个区域。
实际发生的是应用程序似乎进入登录重定向循环,调试通过显示多次调用Login操作。
以下是登录操作:
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
ViewBag.ReturnUrl = returnUrl;
return View();
}
这会导致IIS生成错误:
HTTP Error 404.15 - Not Found
The request filtering module is configured to deny a request where the query string is too long.
查询字符串如下所示:
http://localhost/MyApplication/Account/Login?ReturnUrl=%2FMyApplication%2FAccount%2FLogin%3FReturnUrl%3D%252FMyApplication%252FAccount%252FLogin%253FReturnUrl%253D%25252FMyApplication%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FMyApplication%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FMyApplication%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FMyApplication%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FMyApplication%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FMyApplication%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FMyApplication%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FMyApplication%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FMyApplication%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FMyApplication%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FMyApplication%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FMyApplication%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FMyApplication%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FMyApplication%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FMyApplication%252525252525252525252525252525252F
我从一个正常工作的解决方案(尽管没有基于角色的授权)转到我当前破碎的情况的唯一变化是在我成功登录时重定向到的控制器上面添加了以下内容: / p>
[Authorize(Roles = "Staff")]
正如我之前所说,我登录的用户不在此角色,但我希望在没有循环的情况下进行正常的单一重定向登录。
编辑:请求bu @dima,通过过滤器应用授权的详细信息......我有以下内容:
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new AuthorizeAttribute());
}
}
但是,我已经使用和不使用此行测试了应用程序,并且重定向循环继续有增无减。
答案 0 :(得分:12)
虽然这个问题很老,但我遇到了同样的问题并找到了解决方案。
最初,我添加了相同的AuthorizationAttribute过滤器,并发现自己处于同一个循环中。然后我把它拿走并开始将authorize属性添加到各个控制器,并发现无限循环仅在将authorize属性添加到我的home控制器时发生。事实证明我的HomeController在 我的AccountController之后被称为 。
在我的_Layout.cshtml中,我打电话给以下人员:
@Html.Action("LeftNav", "Home")
布局页面将正确呈现正文,但是当它到达时,它正在命中具有授权属性的控制器方法。这导致重定向到Account/Login。
将AllowAnonymous属性添加到LeftNav操作可以解决问题。
确保您的Login视图和布局不会调用任何具有授权属性的操作。
自从发现这一点后,我为未经授权的请求创建了自定义布局,以避免出现此类潜在问题。
答案 1 :(得分:0)
我正在处理问题中给出的相同示例,但@silencedmessage给出的答案(标记)无法解决我的情况,尽管我已断开Home控制器与{{1}之间的所有链接控制器和Account控制器和Account视图之间。如果有人面临与我相同的情况,我建议在解决方案中添加以下步骤:
由于此示例中的_layout已全局应用,因此默认情况下其所有操作方法均受到保护,并且不允许“匿名”#39;访问。在此示例中,AuthorizeAttribute属性仅应用于[AllowAnnonymous]登录操作方法。它不适用于[HttpPost]登录ActionMethod,并且由于[HttpGet]全局应用,它也保护AuthorizeAttribute登录ActionMethod,因此[HttpPost]登录ActionMethod没有执行,而你正在重定向到[HttpPost]无限地登录ActionMethod。
只需将[HttpGet]添加到[AllowAnnonymous]登录,ActionMethod即可解决我的问题。
希望它有所帮助。
答案 2 :(得分:0)
如果有人遇到问题MVC可以重新登录而没有任何错误,那么在Visual Studio / IIS Express中运行时,请确保该项目设置为使用SSL并在登录时使用https本地主机地址。