尝试访问未授权控制器操作时未返回ReturnURl

时间:2018-12-07 12:26:20

标签: asp.net-mvc asp.net-mvc-4 asp.net-mvc-3 model-view-controller

我已经用登录名创建了控制器,下面的方法可以访问登录页面

    [HttpGet]
    [AllowAnonymous]
    public ActionResult Login(string ReturnUrl)
    {
        if (User.Identity.IsAuthenticated)
        {
            FormsAuthentication.SignOut();
        }
        ViewBag.ReturnUrl = ReturnUrl;         
         return View(); 
    }

    [HttpPost]
    public ActionResult Login(ClientModel model)
    {
        var result = _logservices.ClientLogin(model);
        if (result.Email == null)
        {
            AddCustomErrors("Invalid Credential");
        }
        else
        {
            SignIn(result.Id + "_" + result.Name + "_" + result.Email + "_" + result.PhoneNumber + "_" + result.CompanyName, true, true, "Admin", model.ReturnUrl);
            if (!String.IsNullOrEmpty(Convert.ToString(Session["returnurl"])))
                return RedirectToAction(Convert.ToString(Session["returnurl"]));
            else
                return RedirectToAction("GetTicketList", "Ticket");
        }
        return View(model);
    }

我的登录视图如下所示

 @using (Html.BeginForm("Login", "Login", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { role = "form" }))
        {
        }

现在我有另一个控制器名称Ticket,在那儿我做了如下的authorize方法

    [HttpGet]
    [Authorize(Roles = Admin)]
    public ActionResult CreateTicket()
    {
        TicketModel model = new TicketModel();
        model.TicketStatus = _ticketservices.GetTicketStatus();
        if (User.Identity.IsAuthenticated)
        {
            model.ClientId = Convert.ToInt32(User.Identity.Name.Split('_')[0]);
            model.ContactName = User.Identity.Name.Split('_')[1];
            model.Email = User.Identity.Name.Split('_')[2];
            model.PhoneNumber = User.Identity.Name.Split('_')[3];
            model.TicketStatusID = 1;
        }
        return View(model);
    }

在global.asax页面中,我的返回代码如下

  protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
    {
        try
        {
            var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                if (authTicket != null && !authTicket.Expired)
                {
                    var roles = authTicket.UserData.Split(',');
                    HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(new FormsIdentity(authTicket), roles);
                }
            }
        }
        catch (Exception ex)
        {
            FormsAuthentication.SignOut();
        }
    }

但是当我尝试使用url作为Ticket / CreateTicket访问我的方法时,它显示401错误,而不是使用返回URL作为ticket.GetTicket重定向到登录页面。 我是否在web.config或其他任何东西上丢失了

当我尝试不登录而访问此页面时,我希望自己的网址为sitename.com/login?ReturnURL=Ticket/CreateTicket。

0 个答案:

没有答案
相关问题
最新问题