Question

我正在使用URLRouting开发一个asp.net多租户webforms应用程序。

使用formsAuthentication，一切都很完美。

当我切换到OWIN Cookie身份验证并请求安全页面时，我会收到以下错误，但它应该重定向到登录页面。

[HttpException（0x80004005）：访问提供此请求所需的资源时发生错误。您可能没有权限查看请求的资源。]

System.Web.Routing.UrlRoutingModule.PostResolveRequestCache（HttpContextBase context）+9727854   System.Web.Routing.UrlRoutingModule.OnApplicationPostResolveRequestCache（Object sender，EventArgs e）+82   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute（）+136      System.Web.HttpApplication.ExecuteStep（IExecutionStep step，Boolean＆amp; completedSynchronously）+69

路线定义：

//Default Organisation Route
routes.MapPageRoute("",
            "de/{organisation}",
            "~/public/default.aspx",
            true,
            null,
            new RouteValueDictionary { { "organisation", organisationConstraint } });


routes.MapPageRoute("",
                "de/{organisation}/profile",
                "~/secure/profile.aspx",
                true,
                null,
                new RouteValueDictionary { { "organisation", organisationConstraint } });

的web.config：

<system.web>
    <compilation debug="true" targetFramework="4.5.0" />
    <httpRuntime targetFramework="4.5.0" />
    <authorization>
        <deny users="?"/>
    </authorization>
    <authentication mode="None"></authentication>
    <sessionState mode="Off"></sessionState>
</system.web>

<location path="de">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
<location path="public">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

启动类：

app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            CookieSecure = CookieSecureOption.SameAsRequest,
            LoginPath = new PathString("/public/login.aspx")
        });

我必须实现facebook身份验证，但我无法使用默认的CookieAuthentication来处理它。

如何将OWIN用于我的网址结构？

Answer 1

我在这里找到了我的解决方案：https://msdn.microsoft.com/en-us/magazine/dd347546.aspx

如果使用MapPageRoute，可能是PageRouteHandler中存在错误，因为嵌套的URL结构：

de / {organization} - ＆gt;是允许的

de / {organization} / profile - ＆gt;不允许

如果您编写自己的RouteHandler并使用UrlAuthorizationModule.CheckUrlAccessForPrincipal，则所有工作都按预期工作。

routes.Add("", new Route("de/{organisation}/profile",
                                        null,
                                        new RouteValueDictionary { { "organisation", organisationConstraint } },
                                        new WebFormRouteHandler("~/secure/profile.aspx", true)));

public class WebFormRouteHandler : IRouteHandler
{
    public WebFormRouteHandler(string virtualPath)
        : this(virtualPath, true)
    {
    }

    public WebFormRouteHandler(string virtualPath, bool checkPhysicalUrlAccess)
    {
        this.VirtualPath = virtualPath;
        this.CheckPhysicalUrlAccess = checkPhysicalUrlAccess;
    }

    public string VirtualPath { get; private set; }

    public bool CheckPhysicalUrlAccess { get; set; }

    public IHttpHandler GetHttpHandler(RequestContext requestContext)
    {
        if (this.CheckPhysicalUrlAccess && !UrlAuthorizationModule.CheckUrlAccessForPrincipal(this.VirtualPath, requestContext.HttpContext.User, requestContext.HttpContext.Request.HttpMethod))
        {
            requestContext.HttpContext.Response.StatusCode = (int)System.Net.HttpStatusCode.Unauthorized;
            requestContext.HttpContext.Response.End();
        }

        var display = BuildManager.CreateInstanceFromVirtualPath(this.VirtualPath, typeof(Page)) as IHttpHandler;

        return display;
    }
}

从带有URLRouting的FormsAuthentication迁移到OWIN后的安全页面上的HTTPException - 没有重定向到LoginPath

1 个答案: