ASP.NET表單身份驗證

Question

我創建了新的Project> ASP.NET Web應用程序（具有單個用戶帳戶）。 為根web.config我添加了`

<authentication mode="Forms">
      <forms loginUrl="log.aspx" defaultUrl="about.aspx"/>
    </authentication>

<authorization>
  <deny users="?"/>
</authorization>`

為了將每個未經身份驗證的用戶重定向到log.aspx（它存在於項目根目錄中）。 但是當我現在運行項目時，我得到了錯誤

HTTP錯誤404.15-未找到

請求過濾模塊被配置為在查詢字符串太長的情況下拒絕請求。

 Requested URL http://localhost:55371/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FAbout.aspx 

物理路徑D：\\ Visual Studio工作場所\\ WebApplication4 \\ WebApplication4 \\ Account \\ Login

建議的解決方法是更改​​maxquerystring，所以我按這里做 。 然后錯誤改了

異常詳細信息：System.Web.HttpException：此請求的查詢字符串的長度超過了配置的maxQueryStringLength值。

在我看來，它就像是一個無限循環。 您能否告訴我為什么第一個錯誤提到/ account / login這個項目中的默認設置？ 在這種情況下還有什么解決方案？

我將VS2015與IIS Express一起使用。

Answer 1

在項目創建過程中選擇“個人用戶帳戶”時，您將設置身份驗證以使用ASP.Net Identity，這是與Forms身份驗證完全不同的系統。

您不想混合使用它們中的一種。 但是請注意，Forms Auth現在的安全性比Identity弱得多，后者基本上在您的網站中設置了現代Token服務器。

Answer 2

我已經看到過多次發布相同的錯誤，我自己也遇到了相同的問題，並且所有答案都沒有幫助我，直到我找到了解決該問題的真正方法為止。 最初的問題是：“我創建了新的Project> ASP.NET Web應用程序...”，它說他更改了web.config文件。 確實存在一個無限循環，因為web.config設置為拒絕對包含登錄頁面本身的網站每個頁面的任何未經身份驗證的用戶的訪問！ 這導致了循環。 為了避免無限循環，應至少授予登錄頁面訪問權限。 我做到了，在登錄頁面所在的文件夾中放置了另一個web.config文件，並在其中包含以下代碼：

<?xml version="1.0" encoding="utf-8"?>
  <configuration>
    <system.web>
       <authorization>
          <allow users="?"/>
       </authorization>
    </system.web>
  </configuration>

這將授予對文件夾內所有頁面的未經授權的訪問，因此請確保將您的登錄頁面放在此處。

編輯：很重要的一點是，這種方法正在使用表單身份驗證。