asp.net-mvc – 用户不在角色时的ASP.NET登录重定向循环

我在ASP.NET MVC 5中实现角色时遇到了一些困难.我试图以没有访问我想要访问的应用程序区域所需角色的用户身份登录.在这种情况下我期望的是,我再次被重定向到登录页面,直到我输入一组有访问权限的凭据或我导航到应用程序的另一个区域.

实际发生的是应用程序似乎进入登录重定向循环,调试通过显示多次调用Login操作.

这是登录操作：

[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
    ViewBag.ReturnUrl = returnUrl;
    return View();
}

这会导致IIS生成错误：

HTTP Error 404.15 - Not Found
The request filtering module is configured to deny a request where the query string is too long.

查询字符串如下所示：

http://localhost/MyApplication/Account/Login?ReturnUrl=%2FMyApplication%2FAccount%2FLogin%3FReturnUrl%3D%252FMyApplication%252FAccount%252FLogin%253FReturnUrl%253D%25252FMyApplication%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FMyApplication%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FMyApplication%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FMyApplication%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FMyApplication%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FMyApplication%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FMyApplication%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FMyApplication%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FMyApplication%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FMyApplication%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FMyApplication%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FMyApplication%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FMyApplication%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FMyApplication%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FMyApplication%252525252525252525252525252525252F

我从一个有效的解决方案(虽然没有基于角色的授权)到我当前破碎的情况所做的唯一改变是在成功登录时重定向到控制器上面添加以下内容：

[Authorize(Roles = "Staff")]

正如我之前所说,我登录的用户不是这个角色,但我希望在没有循环的情况下,理智,单一重定向到Login.

编辑：请求bu @dima,通过过滤器应用授权的详细信息……我有以下内容：

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new AuthorizeAttribute());
    }
}

但是,我已经测试了使用和不使用此行的应用程序,并且重定向循环继续有增无减.

解决方法

最初,我添加了相同的AuthorizationAttribute过滤器,并发现自己在同一个循环中.然后我把它拿走并开始将authorize属性添加到各个控制器,并发现无限循环仅在将authorize属性添加到我的家庭控制器时发生.事实证明我的HomeController在我的AccountController之后被调用了.

问题

在我的_Layout.cshtml中,我调用了以下内容：

@Html.Action("LeftNav","Home")

布局页面将正确呈现正文,但是当它到达时,它正在命中具有授权属性的控制器方法.这导致重定向到帐户/登录.

将AllowAnonymous属性添加到LeftNav操作解决了该问题.

解决方案

确保您的“登录”视图和布局不会调用具有authorize属性的任何操作.

自从发现这一点以来,我为未经授权的请求创建了一个自定义布局,以避免出现更多此类潜在问题.

（编辑：安卓应用网）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!