我正在尝试在我的Web.Config文件中创建自定义错误,只有错误404可以正常工作。当我尝试重新定向到“拒绝访问”(401/403)页面时,它会将我重定向到我的登录页面,并在URL中显示
login.aspx的?RETURNURL =%2fIndex.aspx
我的Web.Config文件:
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
https://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</configSections>
<connectionStrings>
<add name="ConnString" connectionString="Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\DVDRental.mdf;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
<system.web>
<customErrors defaultRedirect="~/AccessDenied.aspx" mode="RemoteOnly">
<error statusCode="403" redirect="~/AccessDenied.aspx"/>
<error statusCode="402" redirect="~/AccessDenied.aspx"/>
<error statusCode="401" redirect="~/AccessDenied.aspx"/>
<error statusCode="404" redirect="~/noPage.aspx"/>
</customErrors>
</system.web>
<system.web>
<authentication mode="Forms" />
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1" />
<profile defaultProvider="DefaultProfileProvider">
<providers>
<add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="ConnString" applicationName="/" />
</providers>
</profile>
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="ConnString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<roleManager defaultProvider="DefaultRoleProvider" enabled="true">
<providers>
<add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="ConnString" applicationName="/" />
</providers>
</roleManager>
<!--
If you are deploying to a cloud environment that has multiple web server instances,
you should change session state mode from "InProc" to "Custom". In addition,
change the connection string named "DefaultConnection" to connect to an instance
of SQL Server (including SQL Azure and SQL Compact) instead of to SQL Server Express.
-->
<sessionState mode="InProc" customProvider="DefaultSessionProvider">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="ConnString" />
</providers>
</sessionState>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701" />
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\"Web\" /optionInfer+" />
</compilers>
</system.codedom>
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
<parameters>
<parameter value="v13.0" />
</parameters>
</defaultConnectionFactory>
<providers>
<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
</providers>
</entityFramework>
<location path="Manager">
<system.web>
<authorization>
<allow roles="Manager"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Bartosz">
<system.web>
<authorization>
<allow roles="Admin1, Manager"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Sam">
<system.web>
<authorization>
<allow roles="Admin2, Manager"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Paul">
<system.web>
<authorization>
<allow roles="Admin3, Manager"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Chris">
<system.web>
<authorization>
<allow roles="Admin4, Manager"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Index.aspx">
<system.web>
<authorization>
<allow roles="Admin4"/>
<allow roles="Admin3"/>
<allow roles="Admin2"/>
<allow roles="Admin1"/>
<allow roles="Manager"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
我也尝试将模式设置为“开”但仍然无效。
答案 0 :(得分:0)
您可以看到您的其他(重定向)aspx页面不在您的安全规则范围内。所以你要重定向到他们,但没有权限查看它们,直到你登录。
尝试将此添加到您的web.config
<location path="AccessDenied.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>