ASP.NET 4.5 C# 表单身份验证访问被拒绝登录页面
[英]ASP.NET 4.5 C# Forms Authentication access denied to login page
问题描述
I have found some posts on this, but I can't seem to find the right solution:
我找到了一些关于此的帖子,但似乎找不到正确的解决方案:
I have a .net 4.0 web application that uses Forms authentication very good.我有一个 .net 4.0 web 应用程序,它使用表单身份验证非常好。 Now, I wanted to implement the same thing in a new project in 4.5, but I keep getting a 401.2 (access denied) error on the login page when I enter an unauthorized section.现在,我想在 4.5 的新项目中实现同样的事情,但是当我进入未经授权的部分时,我在登录页面上不断收到 401.2(访问被拒绝)错误。
The application redirects correctly(in an mvc way of things, without the .aspx in my pages), but on the login page, I keep getting the error that I am unauthorized to view this page due to server configurations.应用程序正确重定向(以 mvc 方式,我的页面中没有 .aspx),但在登录页面上,我不断收到错误消息,由于服务器配置,我无权查看此页面。
I then tried the demo from microsoft, which says framework 4.5 is supported, but it still doesn't work.然后我尝试了微软的演示,它说支持框架 4.5,但它仍然不起作用。
This is my general web.config section:这是我的一般 web.config 部分:
<authentication mode="Forms">
<forms loginUrl="/admin/Login.aspx" />
</authentication>
And this is the web.config in my folder which I want to be protected from unauthorized users:这是我的文件夹中的 web.config,我想保护它免受未经授权的用户的侵害:
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
When I set allow users="*" the application works fine, and I can enter every page.当我设置 allow users="*" 时,应用程序工作正常,我可以进入每个页面。 I then thought it might have something to do with the mvc approach in my forms authentication, but that doesn't seem to be the problem, I also tried this fix from Rick Strahl, but that didn't help.然后我认为这可能与我的表单身份验证中的 mvc 方法有关,但这似乎不是问题,我也尝试了 Rick Strahl 的此修复程序,但这没有帮助。 ( link ) ( 链接)
Any ideas?有任何想法吗?
EDIT When I change the location of my login.aspx to a folder outside the protected area I get redirected correctly, but I would like to keep the login.aspx page inside the protected folder, as I did before.编辑当我将 login.aspx 的位置更改为受保护区域外的文件夹时,我会正确重定向,但我想像以前一样将 login.aspx 页面保留在受保护的文件夹内。 visual studio automatically allows access to the loginUrl="", no? Visual Studio 自动允许访问 loginUrl="",不是吗?
6 个解决方案
解决方案1
3 2018-03-20 20:11:27
In my case, the issue was related to Visual Studio 2017. My task was to convert an old .net website to a web application project.就我而言,该问题与 Visual Studio 2017 相关。我的任务是将旧的 .net 网站转换为 Web 应用程序项目。 As part of the task, I created a new VS2017 web application project, copied in needed files from old web site code base, ran Convert to Web Application, added namespaces, etc, and got things working, mostly.作为任务的一部分,我创建了一个新的 VS2017 Web 应用程序项目,从旧网站代码库复制所需的文件,运行转换为 Web 应用程序,添加命名空间等,并且大部分情况下都可以正常工作。
The app uses forms authentication and the webconfig forms tag references LocalLogin.aspx page, but I would get an "access is denied" msg in the browser and could never get to the LocalLogin.aspx page.该应用程序使用表单身份验证,并且 webconfig 表单标记引用 LocalLogin.aspx 页面,但我会在浏览器中收到“访问被拒绝”消息,并且永远无法访问 LocalLogin.aspx 页面。 After much googling I found this:经过多次谷歌搜索,我发现了这一点:
"Visual Studio 2017 will automatically add a NuGet package called Microsoft.AspNet.FriendlyUrls to your website or web app project. Because of this package, forms authentication will not work and even the login page will not render many times." “Visual Studio 2017 会自动将一个名为 Microsoft.AspNet.FriendlyUrls 的 NuGet 包添加到您的网站或 Web 应用程序项目中。由于这个包,表单身份验证将不起作用,甚至登录页面也不会多次呈现。” Go to this thread for more info:转到此线程以获取更多信息:
Login Page in ASP.NET application with FormsAuthentication access denied ASP.NET 应用程序中的登录页面,FormsAuthentication 访问被拒绝
After looking at the possible solutions in that thread, I opted to remove the friendly urls reference (Microsoft.AspNet.FriendlyUrls), and leave the extensions on the loginUrl and defaultUrl elements in the web.config forms tag.在查看该线程中的可能解决方案后,我选择删除友好 url 引用 (Microsoft.AspNet.FriendlyUrls),并将扩展名保留在 web.config 表单标记中的 loginUrl 和 defaultUrl 元素上。 Incidentally, there was no NuGet package added to the solution, just the reference.顺便说一下,解决方案中没有添加 NuGet 包,只是参考。 I removed the reference, and also had to comment out a routeconfig call and method.我删除了引用,还必须注释掉一个 routeconfig 调用和方法。
After doing this, it still gave the "access is denied" msg in the browser, but it turns out that I also needed to remove a cached permanent 301 redirect to friendly urls from the browser, which was created by the use of the FriendlyUrls component to begin with.这样做之后,它仍然在浏览器中给出“访问被拒绝”的消息,但事实证明我还需要从浏览器中删除缓存的永久 301 重定向到友好 URL,这是通过使用 FriendlyUrls 组件创建的开始。
I googled "remove 301 redirect from browser cache", and followed this:我用谷歌搜索“从浏览器缓存中删除 301 重定向”,然后按照以下步骤操作:
"To clear a permanent redirect, go to chrome://net-internals. On the right of the top red status bar, click on the down arrow ▼ to open the drop-down menu, and under the "Tools" group, choose "Clear cache". As of version 48, this was the only thing that worked for me to clear a cached 301." “要清除永久重定向,请转到 chrome://net-internals。在顶部红色状态栏的右侧,单击向下箭头 ▼ 打开下拉菜单,然后在“工具”组下,选择“清除缓存”。从版本 48 开始,这是我清除缓存 301 的唯一方法。”
How long do browsers cache HTTP 301s? 浏览器将 HTTP 301 缓存多长时间?
Now, all is well, and hopefully some of my pulled out hair grows back!现在,一切都很好,希望我拔出的一些头发能长回来!
解决方案2
0 2015-07-11 18:42:08
Ensure that your web.config file has the correct connection settings to your aspnetdb and that you are using the correct membership provider.确保您的 web.config 文件具有与 aspnetdb 的正确连接设置,并且您使用的是正确的成员资格提供程序。
Some other trouble shooting tips:其他一些故障排除技巧:
Right click your web solution and ensure that the following properties are set:右键单击您的 Web 解决方案并确保设置了以下属性:
- Anonymous Authentication = Enabled匿名身份验证 = 已启用
- Windows Authentication = Disabled Windows 身份验证 = 已禁用
- Set a break-point in your app and ensure that you are hitting the correct database.在您的应用程序中设置断点并确保您访问正确的数据库。 If you have not registered an account then you should be redirected to the register web page.如果您还没有注册帐户,那么您应该被重定向到注册网页。
In 4.5 the default layout will create a Account folder with the Login,register, and other OpenAuthProviders type webpages so you can manage all the user security.在 4.5 中,默认布局将创建一个包含登录、注册和其他 OpenAuthProviders 类型网页的帐户文件夹,以便您可以管理所有用户安全。 However you do not have to follow this model.但是,您不必遵循此模型。 I would read this from MSDN How to: Implement Simple Forms Authentication我会从 MSDN How to:Implement Simple Forms Authentication读到这个
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" defaultUrl="~/" />
</authentication>
解决方案3
0 2016-07-31 02:25:26
To my run commenting me the next module in the web.config :为了我的跑步评论 web.config 中的下一个模块:
<system.webServer>
<!--<modules><remove name="FormsAuthentication" />
</modules>-->
</system.webServer>
解决方案4
0 2019-05-17 01:51:03
Try to this- Replace your loginUrl试试这个 - 替换你的 loginUrl
loginUrl="~/admin/Login.aspx" loginUrl="~/admin/Login.aspx"
解决方案5
0 2020-04-01 17:04:43
Disabling friendly urls worked for me.禁用友好网址对我有用。
If you don't care about the implication of doing this, just remove routes.EnableFriendlyUrls(settings) from the RouteConfig class.如果您不关心这样做的含义,只需从RouteConfig类中删除routes.EnableFriendlyUrls(settings) RouteConfig 。
解决方案6
-1 2015-07-11 18:37:22
Please use below code and try.请使用下面的代码并尝试。 This is reverse way of doing这是相反的做法
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.