ASP.NET表单身份验证

Question

我创建了新的Project> ASP.NET Web应用程序（具有单个用户帐户）。 为根web.config我添加了`

<authentication mode="Forms">
      <forms loginUrl="log.aspx" defaultUrl="about.aspx"/>
    </authentication>

<authorization>
  <deny users="?"/>
</authorization>`

为了将每个未经身份验证的用户重定向到log.aspx（它存在于项目根目录中）。 但是当我现在运行项目时，我得到了错误

HTTP错误404.15-未找到

请求过滤模块被配置为在查询字符串太长的情况下拒绝请求。

 Requested URL http://localhost:55371/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FAbout.aspx 

物理路径D：\\ Visual Studio工作场所\\ WebApplication4 \\ WebApplication4 \\ Account \\ Login

建议的解决方法是更改​​maxquerystring，所以我按这里做 。 然后错误改了

异常详细信息：System.Web.HttpException：此请求的查询字符串的长度超过了配置的maxQueryStringLength值。

在我看来，它就像是一个无限循环。 您能否告诉我为什么第一个错误提到/ account / login这个项目中的默认设置？ 在这种情况下还有什么解决方案？

我将VS2015与IIS Express一起使用。

Answer 1

在项目创建过程中选择“个人用户帐户”时，您将设置身份验证以使用ASP.Net Identity，这是与Forms身份验证完全不同的系统。

您不想混合使用它们中的一种。 但是请注意，Forms Auth现在的安全性比Identity弱得多，后者基本上在您的网站中设置了现代Token服务器。

Answer 2

我已经看到过多次发布相同的错误，我自己也遇到了相同的问题，并且所有答案都没有帮助我，直到我找到了解决该问题的真正方法为止。 最初的问题是：“我创建了新的Project> ASP.NET Web应用程序...”，它说他更改了web.config文件。 确实存在一个无限循环，因为web.config设置为拒绝对包含登录页面本身的网站每个页面的任何未经身份验证的用户的访问！ 这导致了循环。 为了避免无限循环，应至少授予登录页面访问权限。 我做到了，在登录页面所在的文件夹中放置了另一个web.config文件，并在其中包含以下代码：

<?xml version="1.0" encoding="utf-8"?>
  <configuration>
    <system.web>
       <authorization>
          <allow users="?"/>
       </authorization>
    </system.web>
  </configuration>

这将授予对文件夹内所有页面的未经授权的访问，因此请确保将您的登录页面放在此处。

编辑：很重要的一点是，这种方法正在使用表单身份验证。