ASP.NET MVC issue with configuration of forms auth

2019-02-04 10:52发布

问题:

I have an ASP.NET MVC 3 Beta application running on IIS. In my web.config I defined following section responsible for forms authentication:

<authentication mode="Forms">
    <forms 
        loginUrl="~/Account/LogOn" 
        name=".VNK" 
        protection="All" 
        timeout="43200" 
        cookieless="UseCookies" />
</authentication>

The defined login address is ~/Account/LogOn.

When I try to get the login url using:

FormsAuthentication.Initialize();
string loginUrl = FormsAuthentication.LoginUrl; 

I receive: /VNK/site/Account/Login

Why do I get a different address from the one defined in web.config?

UPDATE: The "/VNK/site/" prefix is not a problem here. The problem is that LoginUrl property of FormsAuthentication class does not reflect the value from web.config. It means that if I change the value of loginUrl attribute in web.config from "~/Account/LogOn" to e.g. "~/foobar", FormsAuthentication.LoginUrl still has value of "/VNK/site/Account/Login". Why ?

回答1:

I think there is a bug in ASP.NET MVC 3 Beta. This problem does not appear in previous releases of ASP.NET MVC.

If anyone wants to replay this error, he should follow this:

1.Download the mvc framevork.

2.Create new ASP.NET MVC 3 Web Application

3.Applay Authorize attribute on About action in HomeController

[Authorize]
public ActionResult About()
{
   return View();
}  

4.Start application and invoke About action by clicking on About tab. You will get server error, because application is trying to redirect You to such URL:

http://localhost:[port_num]/Account/Login?ReturnUrl=%2fHome%2fAbout

There is obviously no Login view. There is LogOn view. Url to LogOn action is defined in untouched web.config:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

But application does not reflect that. Have anyone any clue what's going on ?

UPDATE:

I was right, there is a bug in MVC 3 Beta. From known issues:

"There’s a known issue that causes Forms Authentication to always redirect unauthenticated users to /Account/Login, ignoring the forms authentication setting used in Web.config. The workaround is to add the following app setting."

<add key="autoFormsAuthentication" value="false" />

UPDATE 2:

Alexander Prokofyev noticed, that ASP.NET 3 RTM looks for another setting. So you need this line instead:

<add key="loginUrl" value="~/LogOn" />



回答2:

If you have access to IIS, then append a new application and enable ASP.NET "integrated pipelining" in application pool section by double clicking it.

If your hosting provider does not grant you access to IIS, then login to the control panel.

  • Go to websites, under the management tab- enable ASP.NET integrated pipe lining.
  • Set your application as a virtual directory (It worked for me)


回答3:

So the simple solution was to remove WebMatrix.*.dll from Bin folder in web project. I have done this for my asp.net project since it was redirecting my login to mvc style url.



回答4:

Updated answer for MVC 4, heavily borrowed from this page and Request redirect to /Account/Login?ReturnUrl=%2f since MVC 3 install on server

<appSettings>
   ...
   <add key="PreserveLoginUrl" value="true" />
</appSettings>

...

<authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="43200" /> <!--43,200 in minutes - 30 days-->
</authentication>


回答5:

Put the following in appSettings:

<add key="loginUrl" value="~/Account/LogOn" />

You could empty loginUrl from Form Authentication configuration.



回答6:

I removed the following from my web.config

<remove name="FormsAuthentication" />

and then everything seemed to work. This text had been added by default when I created my project.



回答7:

The tilde (~) means "the root of my web site" so you don't have to keep using .. or \ to step up and down the web site structure. However, from an IIS perspective you web application may have an additional layer of directory structure which is being reflected when you request the LoginUrl programmatically. I'm unsure as to why you want to retrieve the LoginUrl, the normal state of affairs would have IIS redirect the user to the LoginUrl automatically any time they try to access a page that they are not authenticated for.



回答8:

I think the server has trouble deciding what ~ means in this case, try giving a more direct url to the login page, such as /Account/LogOn.

Maybe you'll find something useful here http://msdn.microsoft.com/en-us/library/xdt4thhy.aspx