ASP.NET表单身份验证
[英]ASP.NET Forms authentications
问题描述
I have created new Project > ASP.NET Web Application (with individual user accounts). 
我创建了新的Project> ASP.NET Web应用程序(具有单个用户帐户)。 To root web.config I have added ` 为根web.config我添加了`
<authentication mode="Forms">
<forms loginUrl="log.aspx" defaultUrl="about.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>`
in order to redirect every not authenticated user to log.aspx (it exists in project root). 为了将每个未经身份验证的用户重定向到log.aspx(它存在于项目根目录中)。 But when I run my project now I got error 但是当我现在运行项目时,我得到了错误
HTTP Error 404.15 - Not Found
The request filtering module is configured to deny a request where the query string is too long.
Requested URL http://localhost:55371/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FAbout.aspxPhysical Path D:\\Visual Studio workplace\\WebApplication4\\WebApplication4\\Account\\Login
Suggested fix is change maxquerystring so I did it as here . 建议的解决方法是更改maxquerystring,所以我按这里做 。 And then error changed 然后错误改了
Exception Details: System.Web.HttpException: The length of the query string for this request exceeds the configured maxQueryStringLength value.
To me it looks like some infinite loop. 在我看来,它就像是一个无限循环。 Could you please tell me why the first error mentions /account/login which is default in this project? 您能否告诉我为什么第一个错误提到/ account / login这个项目中的默认设置? Also what is a solution in this situation? 在这种情况下还有什么解决方案?
I am using VS2015 with IIS Express. 我将VS2015与IIS Express一起使用。
2 个解决方案
解决方案1
0 已采纳 2017-04-30 17:56:50
When you select "Individual User Accounts" during project creation you are setting up authentication to use ASP.Net Identity which is a completely different system than Forms Authentication. 在项目创建过程中选择“个人用户帐户”时,您将设置身份验证以使用ASP.Net Identity,这是与Forms身份验证完全不同的系统。
You don't want to mix them, use one or the other. 您不想混合使用它们中的一种。 But be aware Forms Auth is now much weaker security than Identity which basically sets up a modern Token server within your website. 但是请注意,Forms Auth现在的安全性比Identity弱得多,后者基本上在您的网站中设置了现代Token服务器。
解决方案2
0 2018-04-25 18:43:16
I have seen this same error posted many times and as I have encountered the same problem myself and all of the answers were not helping me, until I found the real solution to the problem. 我已经看到过多次发布相同的错误,我自己也遇到了相同的问题,并且所有答案都没有帮助我,直到我找到了解决该问题的真正方法为止。 The original question says: "I have created new Project > ASP.NET Web Application ..." and it says he changed the web.config file. 最初的问题是:“我创建了新的Project> ASP.NET Web应用程序...”,它说他更改了web.config文件。 Indeed there is an infinite loop that is occuring because the web.config is set to deny access to any unauthenticated user to every page of the site that is including the login page itself! 确实存在一个无限循环,因为web.config设置为拒绝对包含登录页面本身的网站每个页面的任何未经身份验证的用户的访问! That is causing the loop. 这导致了循环。 In order to avoid the infinite loop one should grant access to at least the login page. 为了避免无限循环,应至少授予登录页面访问权限。 I made that, placing another web.config file inside the folder where my login page is placed, and with the following code inside it: 我做到了,在登录页面所在的文件夹中放置了另一个web.config文件,并在其中包含以下代码:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</configuration>
This grants unauthorized access to all pages inside the folder, so be sure to put your login page there and that's all. 这将授予对文件夹内所有页面的未经授权的访问,因此请确保将您的登录页面放在此处。
Edited: it is important to say that this approach is using Forms Authentication. 编辑:很重要的一点是,这种方法正在使用表单身份验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.