我正在开发一个Asp.Net Core应用程序。我正在使用内置Identity进行登录,角色,授权和身份验证。我正在Windows机器上使用IIS Express开发/测试/调试。当我以非管理员用户身份登录并尝试导航到只有管理员可以访问的URL(整个控制器上的Authorize属性)时,应用程序会重定向到拒绝访问的URL,但之后我收到一条错误消息说url查询字符串太长了。在检查网址时,它似乎有重复的部分。我会尝试将其粘贴在下面。我应该将此报告为错误,还是可以更改设置以防止它?
https://localhost:44383/Account/AccessDenied?ReturnUrl=%2FAccount%2FAccessDenied%3FReturnUrl%3D%252FAccount%252FAccessDenied%253FReturnUrl%253D%25252FAccount%25252FAccessDenied%25253FReturnUrl%25253D%2525252FAccount%2525252FAccessDenied%2525253FReturnUrl%2525253D%252525252FAccount%252525252FAccessDenied%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FAccessDenied%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FAccessDenied%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FAccessDenied%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FAccessDenied%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FAccessDenied%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FAccessDenied%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FAccessDenied%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FAccessDenied%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FAccessDenied%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FAccessDenied%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FAccessDenied%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FAccessDenied%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FAccessDenied%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAdmin%2525252525252525252525252525252525252FEditUser%2525252525252525252525252525252525252Ff61bbba3-42b5-4831-8ff1-4d92e42d5d99
答案 0 :(得分:3)
你收到的网址有一个无限的重定向循环,每个循环再次添加网址并传递给自己。
在默认的ASP.NET核心标识模板中,AccountController归因于[Authorize]属性,这意味着任何已登录的用户都可以访问它。
在尝试访问/ Account / AccessDenied路由/操作时,您被重定向的事实意味着登录使用并不具有访问它的权限。
如果您需要使用其他身份验证方案[Authorize(Scheme = "SomethingElse")],或者在需要特殊群组[Authorize(Roles = "Something")]的情况下(根据您的上次评论),就会发生这种情况。
即使您有一些有效的理由在控制器级别更改它,您也应该能够设置
[HttpGet]
[Authorize]
public IActionResult AccessDenied(string returnUrl) { ... }
要对其进行例外处理或使用
[HttpGet]
[AllowAnonymous]
public IActionResult AccessDenied(string returnUrl) { ... }
允许任何用户访问它。