asp.net-mvc 使用 HTTP 302 将 css/script 重定向到登录页面的表单身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6304547/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Forms auth redirecting css/script includes to the login page with HTTP 302
提问by Dan Revell
I have some includes on a login page, a css file and a js file.
我在登录页面上有一些包含、一个 css 文件和一个 js 文件。
<link rel="stylesheet" type="text/css" href="../../ext/resources/css/ext-all.css" />
<script type="text/javascript" src="../../ext/bootstrap.js"></script>
Unfortunately the requests the browser makes for these get the 302 response. Forms Auth is seeing the request as unauthorized and redirecting them to the login page. It doesn't realise that the request are coming from the login page in the first place.
不幸的是,浏览器对这些的请求得到了 302 响应。Forms Auth 将请求视为未经授权并将其重定向到登录页面。它没有意识到请求首先来自登录页面。
GET http://localhost:50880/ext/resources/css/ext-all.css HTTP/1.1
HTTP/1.1 302 Found
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/Account/LogOn?ReturnUrl=%2fext%2fresources%2fcss%2fext-all.css">here</a>.</h2>
</body></html>
I thought perhaps setting the permissions of the includes folder (ext) to everyone might help.
我想也许将包含文件夹 (ext) 的权限设置为每个人可能会有所帮助。
I've not had this issue in other projects.
我在其他项目中没有遇到过这个问题。
采纳答案by PSK
You need to exclude the css files and images from getting authenticated as following in the configuration file. Using the location tag you can exclude a single file or a directory.
您需要在配置文件中按照以下方式排除 css 文件和图像进行身份验证。使用位置标记可以排除单个文件或目录。
<location path="<RELATIVE_PATH_OF_YOUR_RESOURCE_FILES>">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
回答by David Conlisk
I had the same problem. Here's how I solved it.
我有同样的问题。这是我解决它的方法。
In IIS7, click on your website, then double-click the Authentication button. Click on Anonymous Authentication, then click the Edit... link on the right hand side. Make sure the "Application pool identity" checkbox is checked.
在 IIS7 中,单击您的网站,然后双击“身份验证”按钮。单击匿名身份验证,然后单击右侧的编辑...链接。确保选中“应用程序池标识”复选框。
My application pool is running under the "Network Service" user (not "ApplicationPoolIdentity"). You can choose the Identity in the Advanced Settings of your application pool in IIS. This user has been given full access to the file system for the website.
我的应用程序池在“网络服务”用户(不是“ApplicationPoolIdentity”)下运行。您可以在 IIS 中应用程序池的高级设置中选择标识。此用户已获得对网站文件系统的完全访问权限。
回答by vcuankit
So, here's what I did that entirely solved the issue.
所以,这就是我所做的,完全解决了这个问题。
First, I made the change to the web.config like everyone else said to do.
首先,我像其他人所说的那样对 web.config 进行了更改。
I am using Anonymous Authentication in IIS, and as stated in this issue, I went into IIS > Application Pools > Right-clicked my application pool > Edit > changed the app pool to use the Application Pool Identity.
我在 IIS 中使用匿名身份验证,如本期所述,我进入 IIS > 应用程序池 > 右键单击我的应用程序池 > 编辑 > 更改应用程序池以使用应用程序池标识。
THEN - I went to the parent folder that contains my site, went into permissions for that folder, and added the server's NETWORK SERVICE account to access the folder. That did it for me. It's because the Application Pool is running under ApplicationPoolIdentity, which is the NETWORK SERVICE account on the local machine.
然后 - 我转到包含我的站点的父文件夹,进入该文件夹的权限,并添加服务器的 NETWORK SERVICE 帐户以访问该文件夹。那是为我做的。这是因为 Application Pool 是在 ApplicationPoolIdentity 下运行的,ApplicationPoolIdentity 是本地机器上的 NETWORK SERVICE 帐户。
Hope this helps someone!
希望这可以帮助某人!
回答by MikeD
The issue I had on this was that I had downloaded a jquery plugin from the internet and copied it into my content directory on the webserver and Windows had all the files under it blocked so that they couldn't be access properly by the webserver. Unblocking the files in Windows solved the issue.
我在这方面遇到的问题是我从互联网上下载了一个 jquery 插件并将其复制到我在网络服务器上的内容目录中,Windows 阻止了它下面的所有文件,因此网络服务器无法正确访问它们。在 Windows 中取消阻止文件解决了这个问题。
回答by C. Tewalt
Late answer here, but I wanted to help shed some light on this IISsue. (see what I did?)
在这里回答晚了,但我想帮助阐明这个 IISsue。(看看我做了什么?)
First, I want to say that David Conlisk's answer is the sure-fire-nail-it-in-the-head-fix-it-every-time answer. But in case you're like me and have deployed many applications with Forms and Anonymous auth where the Anonymous Auth Identity is set to IUSR and all the sudden I'm seeing this problem now, then listen to how I reproduced the issue and hopefully be spared from the same plight.
首先,我想说的是,David Conlisk 的答案是万无一失的每次都修复它。但是,如果您像我一样部署了许多带有表单和匿名身份验证的应用程序,其中匿名身份验证身份设置为 IUSR 并且突然间我现在看到了这个问题,那么听听我是如何重现这个问题的,希望是免于同样的困境。
My standard practice is to have my web application's AppPoolIdentity run as Network Service. Then I just go to the actual directory on disk that the virtual directory is pointing to -> right click -> Properties -> Security Tab -> Edit -> Add the Network Service User -> Grant read/write permissions.
我的标准做法是让我的 Web 应用程序的 AppPoolIdentity 作为Network Service运行。然后我只需转到虚拟目录指向的磁盘上的实际目录 ->右键单击 -> 属性 -> 安全选项卡 -> 编辑 -> 添加网络服务用户 -> 授予读/写权限。
Then I enable Anonyous Authentication on the directories that I need (js, css, etc.) The app pool identity is IUSR by default.
然后我在我需要的目录(js、css 等)上启用匿名身份验证。默认情况下,应用程序池标识是 IUSR。
OK. Now all of the sudden in my dev environment, I start getting 302 forms auth redirects on all my css and js! What happened? I did an SVN switch on my web application to a different branch in source control. Ugh. It completely Hymaned all of my on disk permissions for every single file. The only way I've ever been able to fix it is to delete the whole web app, and do a fresh checkout and re-apply Network Service read permissions (or apply permissions on every single file... and yes I've tried removing and re-adding the permissions on the parent level folder).
好的。现在突然在我的开发环境中,我开始在所有 css 和 js 上获得 302 表单身份验证重定向!发生了什么?我在我的 web 应用程序上做了一个 SVN 切换到源代码管理中的不同分支。啊。它完全劫持了我对每个文件的所有磁盘权限。我曾经能够修复它的唯一方法是删除整个网络应用程序,然后重新结帐并重新应用网络服务读取权限(或对每个文件应用权限......是的,我试过了删除并重新添加对父级文件夹的权限)。
So this time, I decide "hell with it. I'm running my web app as Local System. That will show the disk permissions whose boss. This has worked for me from time to time as a short term workaround." But alas, not today. I swear to you that before my eyes I am looking at two deployments of a forms auth web app with exactly the same configuration and the 302 issue is only reproducing on my dev machine. The only difference is the recent SVN switch on my machine.
所以这一次,我决定“见鬼去吧。我将我的 Web 应用程序作为Local System运行。这将显示其老板的磁盘权限。作为短期解决方法,这不时对我有用。” 但可惜,不是今天。我向您发誓,在我眼前我正在查看具有完全相同配置的表单身份验证 Web 应用程序的两个部署,并且 302 问题仅在我的开发机器上重现。唯一的区别是我机器上最近的 SVN 开关。
As soon as I Log in and get a Forms Auth Cookie, the js and css download just fine.
一旦我登录并获得 Forms Auth Cookie,js 和 css 就可以正常下载了。
Bear with me, I've just made a shocking discovery. All of the servers I have this deployed on have read permissions granted to MACHINE_NAME\Users. And my dev machine does not. Once I added that to my dev machine, I was able to download my css.
请耐心等待,我刚刚有了一个令人震惊的发现。我部署的所有服务器都已授予 MACHINE_NAME\Users 读取权限。而我的开发机器没有。一旦我将它添加到我的开发机器上,我就可以下载我的 css。
TLDR;
TLDR;
Moral of the story is you can keep the Anonymous Auth Identity as IUSR, but then you have to grant all users read permissions on your web app on disk.
这个故事的寓意是您可以将匿名身份验证身份保留为 IUSR,但是您必须授予所有用户对磁盘上的 Web 应用程序的读取权限。
Since this is a bad idea (for security reasons), I'm going to make it my new practice to adopt David C's answer and make the Anonymous Auth Identity run as the application pool identity.
由于这是一个坏主意(出于安全原因),我将采用 David C 的答案并将匿名身份验证身份作为应用程序池身份运行作为我的新做法。
