stackoom
  简体   繁体   中英

ASP.NET Forms authentications

 原文  2017-04-30 16:22:06       c#/ asp.net/ forms/ iis

Question

I have created new Project > ASP.NET Web Application (with individual user accounts). To root web.config I have added ` 

<authentication mode="Forms">
      <forms loginUrl="log.aspx" defaultUrl="about.aspx"/>
    </authentication>

<authorization>
  <deny users="?"/>
</authorization>`

in order to redirect every not authenticated user to log.aspx (it exists in project root). But when I run my project now I got error

HTTP Error 404.15 - Not Found

The request filtering module is configured to deny a request where the query string is too long. 

 Requested URL http://localhost:55371/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FAbout.aspx

Physical Path D:\\Visual Studio workplace\\WebApplication4\\WebApplication4\\Account\\Login

Suggested fix is change maxquerystring so I did it as here . And then error changed

Exception Details: System.Web.HttpException: The length of the query string for this request exceeds the configured maxQueryStringLength value.

To me it looks like some infinite loop. Could you please tell me why the first error mentions /account/login which is default in this project? Also what is a solution in this situation?

I am using VS2015 with IIS Express.

2 answers

solution1
 0 ACCPTED  2017-04-30 17:56:50

When you select "Individual User Accounts" during project creation you are setting up authentication to use ASP.Net Identity which is a completely different system than Forms Authentication.

You don't want to mix them, use one or the other. But be aware Forms Auth is now much weaker security than Identity which basically sets up a modern Token server within your website.

solution2
 0  2018-04-25 18:43:16

I have seen this same error posted many times and as I have encountered the same problem myself and all of the answers were not helping me, until I found the real solution to the problem. The original question says: "I have created new Project > ASP.NET Web Application ..." and it says he changed the web.config file. Indeed there is an infinite loop that is occuring because the web.config is set to deny access to any unauthenticated user to every page of the site that is including the login page itself! That is causing the loop. In order to avoid the infinite loop one should grant access to at least the login page. I made that, placing another web.config file inside the folder where my login page is placed, and with the following code inside it: 

<?xml version="1.0" encoding="utf-8"?>
  <configuration>
    <system.web>
       <authorization>
          <allow users="?"/>
       </authorization>
    </system.web>
  </configuration>

This grants unauthorized access to all pages inside the folder, so be sure to put your login page there and that's all.

Edited: it is important to say that this approach is using Forms Authentication.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to use Attributes for authentications on ASP.NET Webpage? ASP.NET CORE. Reset all authentications Asp.net mvc Identity. Logic of limiting authentications Two forms in ASP.NET ASP.NET Forms Application ASP.NET Forms autosave ASP.Net Routing in asp.net web-forms Error Message in ASP.NET Web Forms Asp.net Web Forms Vertical Table Convert Windows Forms application into Asp.net
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM