ASP.Net 4.5表单身份验证/授权无效

时间:2015-11-21 14:42:48

标签: c# asp.net forms-authentication

我开始使用个人帐户的默认WebForms项目。我有一堆内容,我用数据库连接建立。我想将所有内容限制为经过身份验证的用户,但default.aspx

除外

我在SQL数据库中成功建立了Identity表结构,可以“注册”新用户。一切正常。但是,当我将身份验证设置添加到web.config时,请参阅下面的内容,这一切都会中断。

<system.web>
    <authentication mode="Forms">
        <forms name=".FormsAuth" loginUrl="Login.aspx" protection="All" slidingExpiration="false" requireSSL="false" />
    </authentication>

    <authorization>
        <deny users="?"/>
    </authorization>
</system.web>
<location path="Default.aspx">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

我希望这能让我查看我的Default.aspx页面并重定向,如果我离开它。相反,我尝试重定向到\account\login并失败并显示此消息。

  

HTTP错误404.15 - 未找到请求过滤模块是   配置为拒绝查询字符串太长的请求。

ReturnURL很大,似乎在重演。我试过从头开始寻找一个开始的例子,但没有找到一个有效的。这应该很简单。

  

http://localhost:58573/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FDefault

2 个答案:

答案 0 :(得分:0)

我想出来了。我不得不从web.config中删除一般的“拒绝所有匿名”声明:

 <!--<authorization>
        <deny users="?"/>
      </authorization>-->

...我试图用来限制除登录页面以外的所有内容。 我将所有内容移动到几个子文件夹中,然后使用位置标记和相同的拒绝用户语句调出它们。

<location path="System">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
    <location path="Reports">
      <system.web>
        <authorization>
          <deny users="?"/>
        </authorization>
      </system.web>
  </location>

此时它似乎“正常”工作,现在如果未经过身份验证,则会将用户重定向到login.aspx。

答案 1 :(得分:0)

由于使用web.config,拒绝了\ account \ login.aspx。     ...

<authorization>
    <deny users="?"/>
</authorization>

当您重定向到登录页面时,由于禁止匿名访问,您将再次重定向到登录页面,从而导致递归。 您可以在帐户文件夹中创建web.config。内容如下:

<system.web>
<authorization>
    <allow users="*"/>
</authorization>