C# 如何解决重定向循环
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15894254/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to solve Redirect Loop
提问by
I have a web application, and some users who use Chrome as their preferred browser of choice, get the following error when they have logged out of the application, and try to log back in.
我有一个 Web 应用程序,一些使用 Chrome 作为首选浏览器的用户在退出应用程序时收到以下错误,并尝试重新登录。
"This webpage has a redirect loop".
“此网页有重定向循环”。
My web application uses forms authentication, and the FormAuthenticationModuleredirects the user back to the Login page of my application, so I cannot use this approach:
我的 web 应用程序使用表单身份验证,并将FormAuthenticationModule用户重定向回我的应用程序的登录页面,所以我不能使用这种方法:
<customErrors mode="On" defaultRedirect="~/MyErrorPage.aspx" >
<error statusCode="401" redirect="~/NoAccess.aspx"/>
</customErrors>
Instead, I have added the following to the Page_Loadevent of my LoginPage.
相反,我已将以下内容添加到Page_Load我的LoginPage.
if (Request.IsAuthenticated && !string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
{
Response.Redirect("~/NoAccess.aspx");
}
However, since I have added this approach, the users seem to get the "Redirect Loop" error.
但是,由于我添加了这种方法,用户似乎收到了“重定向循环”错误。
After clearing the cookies, all seems well, but the problem does occur again.
清除cookies后,一切正常,但问题再次出现。
Is there a permanent fix for this I can add to my code, or is there anything else I can do to prevent this issue from happening?
是否有针对此问题的永久性修复程序,我可以将其添加到我的代码中,或者我可以做些什么来防止此问题发生?
采纳答案by Grzegorz W
Try adding this to your web.configfile:
尝试将其添加到您的web.config文件中:
<location path="NoAccess.aspx">
<system.web>
<authorization>
<allow users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
This will turn off any authorization for this page and should stop Your loop.
这将关闭此页面的任何授权,并应停止您的循环。
You can also add this:
你也可以添加这个:
<location path="Login.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
This will deny access to your login page to all users that are already authenticated. Combining those two should allow You to add custom errors for all redirections.
这将拒绝所有已通过身份验证的用户访问您的登录页面。将这两者结合起来应该允许您为所有重定向添加自定义错误。
You may also consider creating a directory for unauthorized access (eg. public/) and placing inside all error pages (that do not require being authorized).
Then You can do:
您还可以考虑为未经授权的访问(例如public/)创建一个目录并将其放入所有错误页面(不需要授权)。然后你可以这样做:
<location path="public">
<system.web>
<authorization>
<allow users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
You can read more about location here. And more about authorization here.
回答by Ilia Barahovski
Had a very similar problem and solved it in IIS: In Authenticationfeature enable Anonymous Authenticationand disable everything else. This makes sense, as eventually this is the application that manages authentication logic and not the IIS or ASP.NET. But obviously this solution doesn't support the elegant access to public pages as @Grzegorz suggested.
有一个非常相似的问题并在 IIS 中解决了它:在Authentication功能中启用Anonymous Authentication和禁用其他所有内容。这是有道理的,因为最终这是管理身份验证逻辑的应用程序,而不是 IIS 或 ASP.NET。但显然这个解决方案不支持@Grzegorz 建议的优雅访问公共页面。
回答by SharpC
I also had a redirect loop which resulted in the error message The request filtering module is configured to deny a request where the query string is too long.for a Visual Studio 2013 Web Site where Authentication was set to Individual User Accounts.
我还有一个重定向循环,它导致The request filtering module is configured to deny a request where the query string is too long.了 Visual Studio 2013 网站的错误消息,其中身份验证设置为个人用户帐户。
The requested URL was a long version of http://localhost:52266/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl....so it was obviously continually redirecting to the login page and appending the return URL each time.
请求的 URL 是一个很长的版本,http://localhost:52266/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl....因此它显然不断地重定向到登录页面并每次附加返回 URL。
No amount of of breakpoints in an attempt to find the offending loop seemed to make a difference, as none were triggered.
试图找到有问题的循环的断点数量似乎没有任何影响,因为没有触发。
In the end I did the following:
最后我做了以下事情:
- Find the project properties. Do this by selecting the project (not solution) and see the Properties window (don't right-click then choose Properties, otherwise you won't find it).
- Set
Anonymous AuthenticationtoEnabled. - Set
Windows AuthenticationtoDisabled.
- 找到项目属性。通过选择项目(不是解决方案)并查看“属性”窗口(不要右键单击然后选择“属性”,否则您将找不到它)来执行此操作。
- 设置
Anonymous Authentication为Enabled。 - 设置
Windows Authentication为Disabled。
When starting the project the default page should now appear and breakpoints you have added should start working.
启动项目时,默认页面现在应该出现,并且您添加的断点应该开始工作。
回答by Ajmal Jamil
It's an old post and I faced this issue while custom authentication and validation. the issue got resolved by adding this line of code in web.config
这是一篇旧帖子,我在自定义身份验证和验证时遇到了这个问题。通过在 web.config 中添加这行代码解决了问题
<system.web>
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" path="/" timeout="240" cookieless="UseCookies"></forms>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
<compilation debug="true" targetFramework="4.6" />
<httpRuntime targetFramework="4.6" />
<httpModules>
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
</httpModules>
</system.web>
Hope it helps.
希望能帮助到你。
