Prevent ASP.NET from redirecting to login.aspx

2020-02-24 03:51发布

站内问答 / 前沿技术
679 2 6

We have a website that runs fully on AngularJS with an ASP.NET Web API back-end with the following configuration: - HTML5 routing is enabled on Angular and there is a rewrite rule in web.config to direct all traffic to index.html - MVC is not installed (only razor pages) - Authentication happens using Forms Authentication and related cookies

I have just added the Helicon IIS plugin to have .htaccess password protected for our development server (it's a mess to do it with IIS alone) but I have a basic problem.

After I input the basic auth credentials, I will get a redirect to /login.aspx?ReturnUrl= and although I'm not sure who is responsible for this (IIS or Helicon plugin), it will match one of my AngularJS routes and result in an error.

How can I stop this redirect from happening?

My web.config authentication bit:

<authentication mode="Forms">
  <forms protection="All" timeout="15" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="false" cookieless="UseCookies" enableCrossAppRedirects="false" />
</authentication>

2条回答
老娘就宠你
2楼-- · 2020-02-24 04:14

If you are using ASP.NET 4.5. you can disable forms authentication redirect HttpResponse.SuppressFormsAuthenticationRedirect property.

In Global.asax:

protected void Application_BeginRequest(Object sender, EventArgs e)
{
        HttpApplication context = (HttpApplication)sender;
        context.Response.SuppressFormsAuthenticationRedirect = true;
}
查看更多
0人赞 添加讨论(0) 举报
男人必须洒脱
3楼-- · 2020-02-24 04:24

In summary, i've put this in global.asax 

protected void Application_BeginRequest(object sender, EventArgs e)
{
    var context = new HttpContextWrapper(Context);
    // set flag only if forms auth enabled and request comes from ajax
    if (FormsAuthentication.IsEnabled && context.Request.IsAjaxRequest())
    {
        context.Response.SuppressFormsAuthenticationRedirect = true;
    }
}

and for IsAjaxRequest() used this

public static bool IsAjaxRequest(this HttpRequestBase request)
{
    if (request == null)
    {
        throw new ArgumentNullException("request");
    }
    var context = HttpContext.Current;
    var isCallbackRequest = false;// callback requests are ajax requests
    if (context != null && context.CurrentHandler is Page)
    {
        isCallbackRequest = ((Page)context.CurrentHandler).IsCallback;
    }
    return isCallbackRequest || request["X-Requested-With"] == "XMLHttpRequest" || 
        request.Headers["X-Requested-With"] == "XMLHttpRequest";
}

so for every ajax request forms auth will not be redirect anymore. It's the best solution that i've found.

And optionally, put this in client code, for page reload after receiving 401 error answers.

$(document).ajaxError(function (xhr, props) {
    if (props.status === 401) {
        location.reload();
    }
});
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)