[英]Strange ASP.NET Forms Authentication Issue
在我的default.aspx上是一个登录页面:
Default.aspx:
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="Portal.Default"
MasterPageFile="Portal.Master" Title="Login" %>
<asp:Content runat="server" ContentPlaceHolderID="MainContentPlaceHolder">
<div class="block" id="login">
<h2>Login</h2>
<asp:Label style="top: 15px;left: 11px" runat="server" Text="User Name :" CssClass="label" />
<asp:TextBox ID="txtLoginUserName" Style="top: 15px;left: 17px; width:100px" runat="server" CssClass="textbox" />
<asp:Label style="top: 20px;left: 19px;" runat="server" Text="Password :" CssClass="label" />
<asp:TextBox ID="txtLoginPassword" Style="top: 20px;left: 25px; width:100px;" runat="server" TextMode="Password" CssClass="textbox" />
<asp:Button ID="btnLogin" Style="top:30px;left: 91px" CssClass="button" runat="server" Text="Login" OnClick="BtnSubmitClick" />
</div>
</asp:Content>
后面的代码:
using System;
using System.Linq;
using System.Web.Security;
namespace Portal
{
public partial class Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Page.Form.DefaultFocus = txtLoginUserName.ClientID;
}
protected void BtnSubmitClick(object sender, EventArgs e)
{
using (var db = new DbContext())
{
if (db.Users.Any(x => x.Username == txtLoginUserName.Text && x.Password == txtLoginPassword.Text))
{
FormsAuthentication.RedirectFromLoginPage(txtLoginUserName.Text, true);
}
else
{
ClientScript.RegisterStartupScript(GetType(), "myalert", "alert('* invalid credentials, please try again');", true);
}
}
}
}
}
Web.Config:
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<location path="default.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="Styles">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="Console.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Options.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="Forms">
<forms name="Portal" loginUrl="default.aspx" defaultUrl="console.aspx" />
</authentication>
...
</system.web>
</configuration>
问题是,当我进入网站而不是http://www.myhostname.com/default.aspx
,将我带到http://myhostname.com/default.aspx?ReturnUrl=%2f
,这很奇怪,因此我输入用户名和密码,单击登录...,然后一切变为空白... URL更改为http://www.myhostname.com
,第二次输入所有内容...之后登录。然后转到console.aspx
为什么这样做呢?
如此处指定
http://msdn.microsoft.com/zh-CN/library/s09bfdt2(v=vs.80).aspx
FormsAuthentication.RedirectFromLoginPage
将经过身份验证的用户重定向回原始请求的URL或默认URL。
ReturnUrl=%2f
第一次登录,第二次登录的默认网址
我这样解决了这个问题:
现在,我将web.config更改为看起来更简单:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<authorization>
<deny users="?"/>
</authorization>
<authentication mode="Forms">
</authentication>
...
</system.web>
</configuration>
现在,它可以在首次登录时使用,对于所有的简化我都很满意:D
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.