Our organization has a central solution for forms authentication. I am trying to implement an ASP.Net MVC app that uses this external URL - and it worked till RC! was released...
Here's what's happening
In an ActionAttribute Extension
I check for s session var if not found check for a request data chuck if found, set the session var if not found - redirect to external URL if found continue.
The trouble is that till I updated to RC1, this worked. Since then, so many requests are being sent to the external URL that it detects a DoS attack and shuts me out!
I removed the redirection code and replaced it with the web.config changes for Forms Auth - and the same thing happened...
为什么不使用Microsoft Geneva而不是尝试推送自己的身份验证提供程序?
CODE:
public class MyAuthenticate : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext.HttpContext.Session["user"] == null)
{
using (Authenticator dp = new Authenticator())
{
MyUser mu;
string data = string.Empty;
try
{
data = filterContext.HttpContext.Request["Data"];
}
catch { };
if (!string.IsNullOrEmpty(data))
{
mu = dp.Redeem(data);
if (mu.authenticated)
{
filterContext.HttpContext.Session.Clear();
AuthenticatedUser user = new AuthenticatedUser(mu);
filterContext.HttpContext.Session.Add("user", user);
FormsAuthentication.SetAuthCookie(user.UserId, false);
}
else
{
filterContext.HttpContext.Response.Redirect("MY EXTERNAL URL GOES HERE!!");
}
}
else
{
filterContext.HttpContext.Response.Redirect("MY EXTERNAL URL GOES HERE!!");
}
}
}
base.OnActionExecuting(filterContext);
}
}
}
I resolved this issue by creating a static dictionary of requesting IPs, and dropping duplicate requests from the same IP. Not a very nice solution - so if anyone figures out a better solution - let me know.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.