授权行为不一致
[英]Inconsistent behaviour of authorization
问题描述
I have an ASP.NET MVC5 application. 
我有一个ASP.NET MVC5应用程序。 I have a controller called AjaxController . 我有一个名为AjaxController的控制器。 There is a method SaveComment which is not decorated with [Authorize] attribute. 有一种方法SaveComment没有用[Authorize]属性修饰。 The controller itself is not attributed with the above class as well. 控制器本身也不属于上述类。 Basically the code is as follows 基本上代码如下
public class AjaxController : BaseController {
public ActionResult SaveComment(CommentViewModel viewModel) {
// stuff
}
// stuff
}
public abstract class BaseController : Controller {
// some comment stuff
}
And this is the Web.config setup 这是Web.config设置
<authentication mode="Forms">
<forms loginUrl="/Login" timeout="20" slidingExpiration="true" />
</authentication>
But when I request it from the browser, it redirects me to the login page. 但是,当我从浏览器中请求它时,它会将我重定向到登录页面。 What can be the reason of a such behavior? 发生这种行为的原因可能是什么?
EDIT 编辑
I don't override the OnActionExecuted and OnActionExecuting and methods do something with authentication pipeline either. 我不会覆盖OnActionExecuted和OnActionExecuting并且方法也可以对身份验证管道进行操作。
EDIT 编辑
A few more details: I have two more controllers HomeController and LoginController which are working perfect without authorization. 其他一些细节:我还有两个控制器HomeController和LoginController ,它们在未经授权的情况下都可以正常工作。 Also I have another controller that forces authorization MyController , and the class itself decoraded with Authorize , and when I tried to decorate some action with AllowAnonymous , the attribute was ignored and it redirected to the login page. 另外,我还有另一个控制器,用于强制授权MyController ,并且类本身使用Authorize装饰,当我尝试使用AllowAnonymous装饰某些操作时,该属性被忽略,并将其重定向到登录页面。
1 个解决方案
解决方案1
0 2014-02-17 09:17:39
Can you please try this: 您能尝试一下吗:
<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="false"/>
Hope this helps.. 希望这可以帮助..
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.