从带有URLRouting的FormsAuthentication迁移到OWIN后的安全页面上的HTTPException - 没有重定向到LoginPath

时间:2015-04-27 15:08:01

标签: asp.net authentication webforms url-routing owin

我正在使用URLRouting开发一个asp.net多租户webforms应用程序。

使用formsAuthentication,一切都很完美。

当我切换到OWIN Cookie身份验证并请求安全页面时,我会收到以下错误,但它应该重定向到登录页面。

  

[HttpException(0x80004005):访问提供此请求所需的资源时发生错误。您可能没有权限查看请求的资源。]

     

System.Web.Routing.UrlRoutingModule.PostResolveRequestCache(HttpContextBase context)+9727854   System.Web.Routing.UrlRoutingModule.OnApplicationPostResolveRequestCache(Object sender,EventArgs e)+82   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()+136      System.Web.HttpApplication.ExecuteStep(IExecutionStep step,Boolean& completedSynchronously)+69

路线定义:

//Default Organisation Route
routes.MapPageRoute("",
            "de/{organisation}",
            "~/public/default.aspx",
            true,
            null,
            new RouteValueDictionary { { "organisation", organisationConstraint } });


routes.MapPageRoute("",
                "de/{organisation}/profile",
                "~/secure/profile.aspx",
                true,
                null,
                new RouteValueDictionary { { "organisation", organisationConstraint } });

的web.config:

<system.web>
    <compilation debug="true" targetFramework="4.5.0" />
    <httpRuntime targetFramework="4.5.0" />
    <authorization>
        <deny users="?"/>
    </authorization>
    <authentication mode="None"></authentication>
    <sessionState mode="Off"></sessionState>
</system.web>

<location path="de">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
<location path="public">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

启动类:

app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            CookieSecure = CookieSecureOption.SameAsRequest,
            LoginPath = new PathString("/public/login.aspx")
        });

我必须实现facebook身份验证,但我无法使用默认的CookieAuthentication来处理它。

如何将OWIN用于我的网址结构?

1 个答案:

答案 0 :(得分:1)

我在这里找到了我的解决方案:https://msdn.microsoft.com/en-us/magazine/dd347546.aspx

如果使用MapPageRoute,可能是PageRouteHandler中存在错误,因为嵌套的URL结构:

  

de / {organization} - &gt;是允许的

     

de / {organization} / profile - &gt;不允许

如果您编写自己的RouteHandler并使用UrlAuthorizationModule.CheckUrlAccessForPrincipal,则所有工作都按预期工作。

routes.Add("", new Route("de/{organisation}/profile",
                                        null,
                                        new RouteValueDictionary { { "organisation", organisationConstraint } },
                                        new WebFormRouteHandler("~/secure/profile.aspx", true)));

public class WebFormRouteHandler : IRouteHandler
{
    public WebFormRouteHandler(string virtualPath)
        : this(virtualPath, true)
    {
    }

    public WebFormRouteHandler(string virtualPath, bool checkPhysicalUrlAccess)
    {
        this.VirtualPath = virtualPath;
        this.CheckPhysicalUrlAccess = checkPhysicalUrlAccess;
    }

    public string VirtualPath { get; private set; }

    public bool CheckPhysicalUrlAccess { get; set; }

    public IHttpHandler GetHttpHandler(RequestContext requestContext)
    {
        if (this.CheckPhysicalUrlAccess && !UrlAuthorizationModule.CheckUrlAccessForPrincipal(this.VirtualPath, requestContext.HttpContext.User, requestContext.HttpContext.Request.HttpMethod))
        {
            requestContext.HttpContext.Response.StatusCode = (int)System.Net.HttpStatusCode.Unauthorized;
            requestContext.HttpContext.Response.End();
        }

        var display = BuildManager.CreateInstanceFromVirtualPath(this.VirtualPath, typeof(Page)) as IHttpHandler;

        return display;
    }
}