[英]ASP.NET MVC 5 Wrong Redirect Login Page
I'm creating ASP.NET MVC 5 with "Individual User Accounts" Authentication Template. 我正在使用“个人用户帐户”身份验证模板创建ASP.NET MVC 5。 Then I create custom login page to authenticate user from database with Forms Authentication.
然后,我创建自定义登录页面,以使用Forms Authentication从数据库对用户进行身份验证。
<authentication mode="Forms">
<forms loginUrl="~/User/SignIn" timeout="2880" protection="All" />
</authentication>
For testing the custom login page, I add HomeController
with Authorize
attribute. 为了测试自定义登录页面,我添加了带有
Authorize
属性的HomeController
。 After run the visual studio, it redirect to the SignIn page 运行visual studio后,它会重定向到SignIn页面
The problem is when I remove Authorize
attribute at HomeController
and add authorize filter at FilterConfig.cs 问题是当我在
HomeController
删除Authorize
属性并在FilterConfig.cs上添加授权过滤器时
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new AuthorizeAttribute());
}
I've got HTTP error: "HTTP Error 401.0 - Unauthorized". 我有HTTP错误:“HTTP错误401.0 - 未经授权”。 How to fix this?
如何解决这个问题?
By doing this you place autherization restrictions on the login and register actions. 这样,您可以对登录和注册操作设置身份验证限制。 So basicly you need to be autherized to login or register.
因此,从根本上讲,您需要经过身份验证才能登录或注册。 Placing the allowAnonymous attributes on these actions might solve the problem.
在这些操作上放置allowAnonymous属性可能会解决问题。
Because i put the correct answer as a comment at least 8 mins before anyone did I'll add it as an answer. 因为我在任何人之前至少8分钟将正确的答案作为评论,我将其添加为答案。
You basically need to add the [AllowAnonymous] attribute to your SignIn action, because essentially the filter you have created is making every action require authorisation to 'view'. 您基本上需要将[AllowAnonymous]属性添加到SignIn操作中,因为您创建的过滤器实际上是要求每个操作都需要授权才能“查看”。
Taken from AllowAnonymous attribute information 取自AllowAnonymous属性信息
"...in ASP.NET MVC 4, it's baked in. By baked in, I mean that: There's a built-in AllowAnonymousAttribute in the the System.Web.Mvc namespace which whitelists actions for anonymous access." “ ...在ASP.NET MVC 4中,它已经被烘焙了。烘焙后,我的意思是:System.Web.Mvc命名空间中有一个内置的AllowAnonymousAttribute,它将匿名访问的操作列入白名单。”
Taken from Global action filters information 取自全局动作过滤器信息
"ASP.NET MVC 3.0 introduces global action filters - an easy way to apply an action filter to every action in an MVC application." “ ASP.NET MVC 3.0引入了全局动作过滤器-一种将动作过滤器应用于MVC应用程序中每个动作的简便方法。”
[AllowAnonymous]
public ActionResult SignIn() {
}
You've added a global attribute. 您已经添加了全局属性。 You need to append an attribute
[AllowAnonymous]
to the ones you want to not have the rule applied; 您需要在不想应用规则的属性上附加
[AllowAnonymous]
属性;
[AllowAnonymous]
public ActionResult Home() {
// ...
}
Becasue you add AuthorizeAttribute
to global filter. 请将
AuthorizeAttribute
添加到全局过滤器。 When you no authorized and access all action will redirect to "~/User/SignIn", But the action mapping "~/User/SignIn" also need you authorized. 当你没有授权和访问时,所有动作都会重定向到“〜/ User / SignIn”,但动作映射“〜/ User / SignIn”也需要你授权。 You can try this:
你可以试试这个:
public class NoNeedAuthorizeAttribute : Attribute
{
}
And inherit AuthorizeAttribute override OnAuthorization method, If a action has NoNeedAuthorize
attribute then ignore: 并继承AuthorizeAttribute重写OnAuthorization方法,如果操作具有
NoNeedAuthorize
属性,则忽略:
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (!filterContext.ActionDescriptor.GetCustomAttributes(typeof(NoNeedAuthorizeAttribute), true).Any())
{
base.OnAuthorization(filterContext);
}
}
Add the NoNeedAuthorizeAttribute
to your SignIn action: 将
NoNeedAuthorizeAttribute
添加到您的SignIn操作中:
public class UserController : Controller
{
[NoNeedAuthorize]
public ActionResult SignIn()
{
//Sign in code..
}
}
Finally, add 'GlobalAuthorizeAttribute' to globle filter: 最后,将'GlobalAuthorizeAttribute'添加到全局过滤器:
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new GlobalAuthorizeAttribute());
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.