我正在使用MVC 5,现在收到以下消息:
“请求过滤模块配置为拒绝查询字符串太长的请求。”
为什么我的查询字符串太长了?
注意它是如何反复重复相同的信息。我目前正在尝试使用全局过滤来默认[授权],但我没有改变WEB.CONFIG中的任何内容......导致这种情况的原因是什么?
QUERY STRING LOKS喜欢:
本地主机:80 / yourapplication /帐户/登录RETURNURL =%2Fyourapplication%2Faccount%2Flogin%3FReturnUrl%3D%252Fyourapplication%252Faccount%252Flogin%253FReturnUrl%253D%25252Fyourapplication%25252Faccount%25252Flogin%25253FReturnUrl%25253D%2525252Fyourapplication%2525252Faccount%2525252Flogin%2525253FReturnUrl %2525253D%252525252Fyourapplication%252525252Faccount%252525252Flogin%252525253FReturnUrl%252525253D%25252525252Fyourapplication%25252525252Faccount%25252525252Flogin%25252525253FReturnUrl%25252525253D%2525252525252Fyourapplication%2525252525252Faccount%2525252525252Flogin%2525252525253FReturnUrl%2525252525253D%252525252525252Fyourapplication%252525252525252Faccount%252525252525252Flogin%252525252525253FReturnUrl%252525252525253D%25252525252525252Fyourapplication%25252525252525252Faccount%25252525252525252Flogin%25252525252525253FReturnUrl %25252525252525253D%2525252525252525252Fyourapplication%2525252525252525252Faccount%2525252525252525252Flogin%2525252525252525253FReturnUrl%2525252 525252525253D%252525252525252525252Fyourapplication%252525252525252525252Faccount%252525252525252525252Flogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252Fyourapplication%25252525252525252525252Faccount%25252525252525252525252Flogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252Fyourapplication%2525252525252525252525252Faccount%2525252525252525252525252Flogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252Fyourapplication%252525252525252525252525252Faccount%252525252525252525252525252Flogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252Fyourapplication%25252525252525252525252525252Faccount%25252525252525252525252525252Flogin%25252525252525252525252525253FReturnUrl% 25252525252525252525252525253D%2525252525252525252525252525252Fyourapplication%2525252525252525252525252525252Faccount%2525252525252525252525252525252Flogin%25252 52525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252Fyourapplication%252525252525252525252525252525252Faccount%252525252525252525252525252525252Flogin
代码看起来像:
我正在测试我是否可以默认[授权]无处不在仍然有我的自定义错误页面出现。但是,出现上述错误而不是重定向。我在WEB.CONFIG中没有“httpErrors”或“customErrors”条目。
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
}
protected void Application_Error(object sender, EventArgs e)
{
var exception = Server.GetLastError();
var httpException = exception as HttpException;
Response.Clear();
Server.ClearError();
var routeData = new RouteData();
routeData.Values["controller"] = "Error";
routeData.Values["action"] = "General";
routeData.Values["exception"] = exception;
Response.StatusCode = 500;
if (httpException != null)
{
Response.StatusCode = httpException.GetHttpCode();
switch (Response.StatusCode)
{
case 403:
routeData.Values["action"] = "Forbidden";
break;
case 404:
routeData.Values["action"] = "NotFound";
break;
case 500:
routeData.Values["action"] = "UnExpected";
break;
}
}
IController errorsController = new ErrorController();
var rc = new RequestContext(new HttpContextWrapper(Context), routeData);
errorsController.Execute(rc);
}
public class FilterConfig
{
#region <Methods>
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
// FORCE: Authorize on all actions (by default)
filters.Add(new AuthorizeAttribute());
}
#endregion
}
// The AUTHORIZE ATTRIBUTE is now defaulted on all actions...so we don't need it here
public class AccountController : BaseController
{
#region <Actions>
[HttpGet]
// The TEST is to see the ERRORS PAGE COME UP so put nothing here
public ActionResult Login(string returnUrl)
{
// The user-call should be redirected to the error page when called...but oddly isn't
}
#endregion
}
[AllowAnonymous]
public class ErrorsController : Controller
{
#region <Actions>
// GET: /Errors/Unexpected
[HttpGet]
[AllowAnonymous]
public ActionResult Unexpected()
{
TraceHandler.TraceIn(TraceLevel.Error);
var unitOfWork = new ApplicationUnitOfWork();
var viewModel = new UnExpectedErrorViewModel(unitOfWork);
Response.StatusCode = (int)viewModel.StatusCode;
Response.TrySkipIisCustomErrors = true;
TraceHandler.TraceOut();
return View(viewModel);
}
// GET: /Errors/Forbidden
[HttpGet]
[AllowAnonymous]
public ActionResult Forbidden()
{
TraceHandler.TraceIn(TraceLevel.Error);
var unitOfWork = new ApplicationUnitOfWork();
var viewModel = new ForbiddenErrorViewModel(unitOfWork);
Response.StatusCode = (int)viewModel.StatusCode;
Response.TrySkipIisCustomErrors = true;
Response.SuppressFormsAuthenticationRedirect = true;
TraceHandler.TraceOut();
return View(viewModel);
}
// GET: /Errors/NotFound
[HttpGet]
[AllowAnonymous]
public ActionResult NotFound()
{
TraceHandler.TraceIn(TraceLevel.Error);
var unitOfWork = new ApplicationUnitOfWork();
var viewModel = new NotFoundErrorViewModel(unitOfWork);
Response.StatusCode = (int)viewModel.StatusCode;
Response.TrySkipIisCustomErrors = true;
TraceHandler.TraceOut();
return View(viewModel);
}
#endregion
}
答案 0 :(得分:1)
出于某种原因,您的登录页面会将您重定向到登录页面,登录页面又会重定向到登录页面...
您使用的是标准的Asp.net MVC登录系统吗?您更改了哪些配置?您是否删除了登录方法上的[AllowAnonymous]属性?
[Authorize]上有AccountController个属性,只允许登录用户查看所有操作。显然,Login和Register以及匿名用户应该访问的任何其他方法都不需要这样做。
答案 1 :(得分:0)
为什么我的查询字符串太长了?
允许用户登录。您的全局[Authorize]过滤器正在检查您是否已登录,它发现它为false并再次将您重定向到登录页面,从而无限重定向,从而在每次重定向时增加查询字符串。
解决方案是在您希望用户直接访问的方法上添加[AllowAnonymous]属性。在这种情况下,只需在登录方法上添加[AllowAnonymous]属性,您就可以了。