[英]Inconsistent behaviour of authorization
I have an ASP.NET MVC5 application. 我有一个ASP.NET MVC5应用程序。 I have a controller called
AjaxController
. 我有一个名为
AjaxController
的控制器。 There is a method SaveComment
which is not decorated with [Authorize]
attribute. 有一种方法
SaveComment
没有用[Authorize]
属性修饰。 The controller itself is not attributed with the above class as well. 控制器本身也不属于上述类。 Basically the code is as follows
基本上代码如下
public class AjaxController : BaseController {
public ActionResult SaveComment(CommentViewModel viewModel) {
// stuff
}
// stuff
}
public abstract class BaseController : Controller {
// some comment stuff
}
And this is the Web.config
setup 这是
Web.config
设置
<authentication mode="Forms">
<forms loginUrl="/Login" timeout="20" slidingExpiration="true" />
</authentication>
But when I request it from the browser, it redirects me to the login page. 但是,当我从浏览器中请求它时,它会将我重定向到登录页面。 What can be the reason of a such behavior?
发生这种行为的原因可能是什么?
EDIT
编辑
I don't override the OnActionExecuted
and OnActionExecuting
and methods do something with authentication pipeline either. 我不会覆盖
OnActionExecuted
和OnActionExecuting
并且方法也可以对身份验证管道进行操作。
EDIT
编辑
A few more details: I have two more controllers HomeController
and LoginController
which are working perfect without authorization. 其他一些细节:我还有两个控制器
HomeController
和LoginController
,它们在未经授权的情况下都可以正常工作。 Also I have another controller that forces authorization MyController
, and the class itself decoraded with Authorize
, and when I tried to decorate some action with AllowAnonymous
, the attribute was ignored and it redirected to the login page. 另外,我还有另一个控制器,用于强制授权
MyController
,并且类本身使用Authorize
装饰,当我尝试使用AllowAnonymous
装饰某些操作时,该属性被忽略,并将其重定向到登录页面。
Can you please try this: 您能尝试一下吗:
<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="false"/>
Hope this helps.. 希望这可以帮助..
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.