stackoom
  简体   繁体   中英

ASP.NET MVC 3 error when using forms authentication

 原文  2011-05-13 16:36:24       asp.net/ asp.net-mvc/ asp.net-mvc-3/ forms-authentication

Question

I'm using forms authentication for my MVC 3 application. I've added this line in my configuration: 

<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>

When i run the application (on my local box) I get the errors listed below and none of the CSS styles come through. But when I log-in, everything looks fine. So I guess I have a couple of questions:

  1. Is it best practice to add the authorization rules in the web.config or should I add it to the [Authorize] attribute within the controller.
  2. I only get the errors listed below when I add the authorization rules in the web.config. What am i missing?

Help would be appreciated. Thank you.

ps I'm using Internet Explorer 8

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.5; .NET CLR 2.0.50727; InfoPath.2; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Timestamp: Fri, 13 May 2011 15:48:19 UTC

Message: Syntax error Line: 1 Char: 1 Code: 0 URI: http://localhost:1361/Account/LogOn?ReturnUrl=%2fScripts%2fjquery-1.4.4.min.js

Message: Syntax error Line: 1 Char: 1 Code: 0 URI: http://localhost:1361/Account/LogOn?ReturnUrl=%2fScripts%2fjquery.validate.min.js

Message: Syntax error Line: 1 Char: 1 Code: 0 URI: http://localhost:1361/Account/LogOn?ReturnUrl=%2fScripts%2fjquery.validate.unobtrusive.min.js

2 answers

solution1
 2 ACCPTED  2011-05-13 16:40:51

In your web.config, you are restricting access to everyone but administrators in all cases. Check out this link to give you more options on what you can do. (like allowing access to specific folders)

http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx

solution2
 1  2011-05-13 16:43:04

The problem is, as you seem to have guessed, that the CSS files are protected by your authorization rules. The reason that this differs between applying the rules in web.config and applying via Authorize attributes, is that since the MVC framework doesn't send requests for files that exist on disc via your controllers, the requests for the CSS files (which exist on disc) never see the attribute. They do, however, see the authorization rules in web.config .

There are a couple of ways you can solve this. Either one will work fine.

  1. Use the <location> tag to allow any users to request your CSS files.
  2. Skip authorization in web.config and use the Authorize attribute instead. If you do this, you can apply the attribute globally in global.asax.cs so you won't have to remember doing it on every controller.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question redirect user when Authenticated asp.net mvc forms Authentication ASP.NET MVC forms authentication equivalent Custom ASP.NET MVC Forms Authentication asp.net MVC forms authentication custom ASP.NET MVC not work with Forms Authentication ASP.NET MVC 3: Session and Forms Authentication Asp.Net Forms Authentication when using iPhone UIWebView ASP.NET MVC Forms authentication - How it works and persists authentication? Using ASP.NET Forms Authentication and PostgreSQL ASP.NET MVC App Windows Authentication stops working after using Forms Authentication
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM