ReturnUrl Points to an ActionResult

Here is how the scenario goes:

  • Start an MVC project from scratch
  • Test Controller decorated with [Authorize] attribute
  • User logs in and is directed to Home
  • User clicks a link that redirects to the TestController's Index method
  • User waits 60 seconds for the Forms Authentication to time out
  • User clicks a link that calls an ActionMethod residing on the TestController
  • The MVC framework redirects user to Login page and attaches the ActionMethod name to the URL instead of attaching the Index Action Method

TestController:

[Authorize]
public class TestController : Controller
{
    // GET: Test
    public ViewResult Index()
    {
        return View();
    }

    [ValidateInput(false)]
    public ActionResult ActionTest()
    {
        return new EmptyResult();
    }
}

HomeController:

[Authorize]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}

AccountController:

public class AccountController : Controller
{
    [AllowAnonymous]
    public ActionResult Login()
    {
        return View();
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginViewModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            try
            {
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

                if (Url.IsLocalUrl(returnUrl))
                {
                    return Redirect(returnUrl);
                }
                else
                    return RedirectToAction(controllerName: "Home", actionName: "Index");
            }
            catch
            {
                return View(model);
            }
        }
        return View(model);
    }
}

Login.cshtml:

@model TestLoginProject.Models.LoginViewModel

@{
    Layout = null;
}

<!DOCTYPE html>
<html lang="en">
<head>
  .....................
</head>

<body>
    <div class="container">
        @using (@Html.BeginForm("Login", "Account", new { returnUrl = Request.QueryString["ReturnUrl"] }, FormMethod.Post, new { @class = "form-signin" }))
        {
            @Html.AntiForgeryToken()
            ....................
            ....................
        }
    </div>
</body>
</html>

Web Config:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="1" />
</authentication>

The expectation of the return URL is:

http://localhost:2441/Account/Login?ReturnUrl=%2fTest%2fIndex

Instead, the current value is:

http://localhost:2441/Account/Login?ReturnUrl=%2fTest%2fActionTest

Notes:

  • When a user clicks the link after timeout, no Test Actions are hit before the redirection to the Login page takes place
  • All routes are the default as provided when starting an Empty MVC project from scratch in VS2017

This is a normal behavior that you mentioned!

The MVC framework redirects user to Login page and attaches the ActionMethod name to the URL instead of attaching the Index Action Method

Many thanks to MVC Security pipeline. When you use forms authentication and the user is not authenticated or authorized, the ASP.NET security pipeline redirects to the login page and passes returnUrl as a parameter equal to the page that redirected to the login page (here is the controller action which requires authorization which you called by clicking on a link).

So here you can't expect index (currently loaded page with no valid and persistent authentication) and subsequently the ActionMethod calls the security pipeline and the returnUrl is enumerated just in time.

Note that this is because of synchronized communication between Controller and View.
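
Added example, not part of the original question or answer: because ReturnUrl carries whatever URL triggered the redirect, the Login POST can map it to a page before redirecting. The `ReturnUrlPolicy` class and its `LandingPages` list are hypothetical names, and the sketch assumes the default routes and an app hosted at the site root, as in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

// Hypothetical helper (not framework code): picks the post-login target.
public static class ReturnUrlPolicy
{
    // Assumption: the app's navigable GET pages, app hosted at the site root.
    private static readonly HashSet<string> LandingPages =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "/Home/Index",
            "/Test/Index"
        };

    public static string Resolve(UrlHelper url, string returnUrl)
    {
        string home = url.Action("Index", "Home");

        // Keep the question's open-redirect guard: only local URLs pass.
        if (string.IsNullOrEmpty(returnUrl) || !url.IsLocalUrl(returnUrl))
            return home;

        // Compare on the path only; ignore query string and fragment.
        int cut = returnUrl.IndexOfAny(new[] { '?', '#' });
        string path = (cut >= 0 ? returnUrl.Substring(0, cut) : returnUrl).TrimEnd('/');

        if (LandingPages.Contains(path))
            return returnUrl; // a real page: return to it, query string included

        // Non-page action such as /Test/ActionTest: use that controller's Index.
        string[] segments = path.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        if (segments.Length > 0)
        {
            string index = "/" + segments[0] + "/Index";
            if (LandingPages.Contains(index))
                return index;
        }
        return home;
    }
}

// In AccountController.Login (POST), after SetAuthCookie:
//     return Redirect(ReturnUrlPolicy.Resolve(Url, returnUrl));
```

With this in place, a ReturnUrl of /Test/ActionTest resolves to /Test/Index, and any non-local value falls back to Home/Index.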
