[英]ReturnUrl Points to an ActionResult
Here is how the scenario goes: 这是场景的方式:
TestController
's Index
method TestController
的Index
方法的链接 TestController
TestController
上的ActionMethod的链接 Index
Action Method Index
操作方法 TestController : TestController :
[Authorize]
public class TestController : Controller
{
// GET: Test
public ViewResult Index()
{
return View();
}
[ValidateInput(false)]
public ActionResult ActionTest()
{
return new EmptyResult();
}
}
HomeController : HomeController :
[Authorize]
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
}
AccountController : AccountController :
public class AccountController : Controller
{
[AllowAnonymous]
public ActionResult Login()
{
return View();
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginViewModel model, string returnUrl)
{
if (ModelState.IsValid)
{
try
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
if (Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
else
return RedirectToAction(controllerName: "Home", actionName: "Index");
}
catch
{
return View(model);
}
}
return View(model);
}
}
Login.chtml Login.chtml
@model TestLoginProject.Models.LoginViewModel
@{
Layout = null;
}
<!DOCTYPE html>
<html lang="en">
<head>
.....................
</head>
<body>
<div class="container">
@using (@Html.BeginForm("Login", "Account", new { returnUrl = Request.QueryString["ReturnUrl"] }, FormMethod.Post, new { @class = "form-signin" }))
{
@Html.AntiForgeryToken()
....................
....................
}
</div>
</body>
</html>
Web Config Web配置
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="1" />
</authentication>
The expectation of the return url is : 返回网址的期望是 :
http://localhost:2441/Account/Login?ReturnUrl=%2fTest%2fIndex
HTTP://本地主机:2441 /帐号/登录RETURNURL =%2fTest%2fIndex
Instead, the current value is : 相反,当前值是 :
http://localhost:2441/Account/Login?ReturnUrl=%2fTest%2fActionTest
HTTP://本地主机:2441 /帐号/登录RETURNURL =%2fTest%2fActionTest
Notes : 备注 :
This is a normal behavior that you mentioned! 这是你提到的正常行为!
The MVC framework redirects user to Login page and attaches the ActionMethod name to the URL instead of attaching the
Index
Action MethodMVC框架将用户重定向到Login页面,并将ActionMethod名称附加到URL,而不是附加
Index
操作方法
Many thanks to MVC Security pipeline. 非常感谢MVC Security管道。 When you use forms authentication and the user is not authenticated or authorized, the ASP.NET security pipeline redirects to the login page and passes
returnUrl
as a parameter equal to the page that redirected to the login page (here is the controller action which requires authorization which you called by clicking on a link). 当您使用表单身份验证并且用户未经过身份验证或授权时,ASP.NET安全管道会重定向到登录页面并将
returnUrl
作为参数传递给等于重定向到登录页面的页面 (这是需要授权的控制器操作)您通过单击链接调用的)。
So here you can't expect index (currently loaded page with no valid and persistent authentication) and subsequently the ActionMethod
calls security pipeline and the returnurl
is enumerated just in time. 所以在这里你不能指望索引 (当前加载的页面没有有效和持久的身份验证),随后
ActionMethod
调用安全管道,并且会returnurl
枚举returnurl
。
Note that this is because of Synchronized communication between Controller and View. 请注意,这是因为Controller和View之间的同步通信。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.