Mat*_*hop 5 asp.net-core asp.net-core-2.0
我正在开发一个 Asp.Net Core 应用程序。我使用内置身份进行登录、角色、授权和身份验证。我正在 Windows 机器上使用 IIS Express 进行开发/测试/调试。当我以非管理员用户身份登录并尝试导航到只有管理员有权访问的 url(整个控制器上的授权属性)时,应用程序重定向到访问被拒绝的 URL,但随后我收到一条错误消息说url查询字符串太长。检查 url 后,它似乎有重复的部分。我会试着把它贴在下面。我应该将此报告为错误,还是可以更改设置以防止它?
https://localhost:44383/Account/AccessDenied?ReturnUrl=%2FAccount%2FAccessDenied%3FReturnUrl%3D%252FAccount%252FAccessDenied%253FReturnUrl%253D%25252FAccount%25252FAccessDenied%25253FReturnUrl%25253D%2525252FAccount%2525252FAccessDenied%2525253FReturnUrl%2525253D%252525252FAccount%252525252FAccessDenied%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FAccessDenied%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FAccessDenied%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FAccessDenied%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FAccessDenied%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FAccessDenied%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FAccessDenied%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FAccessDenied%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FAccessDenied%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FAccessDenied%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FAccessDenied%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FAccessDenied%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FAccessDenied%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FAccessDenied%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAdmin%2525252525252525252525252525252525252FEditUser%2525252525252525252525252525252525252Ff61bbba3-42b5-4831-8ff1-4d92e42d5d99
您收到的 url 有一个无限的重定向循环,每个循环都会再次添加 url 并传递给自身。
在默认的 ASP.NET Core 标识模板中,AccountController被赋予[Authorize]属性,这意味着任何登录用户都可以访问它。
您在尝试访问 /Account/AccessDenied 路由/操作时被重定向的事实意味着已登录的用户没有访问它的权限。
当您使用不同的身份验证方案[Authorize(Scheme = "SomethingElse")]或在您的情况下(根据您的最后一条评论)需要特殊组时,可能会发生这种情况[Authorize(Roles = "Something")]。
即使您有正当理由在控制器级别更改它,您也应该能够设置
[HttpGet]
[Authorize]
public IActionResult AccessDenied(string returnUrl) { ... }
破例或使用
[HttpGet]
[AllowAnonymous]
public IActionResult AccessDenied(string returnUrl) { ... }
这将允许任何用户访问它。
| 归档时间: |
|
| 查看次数: |
1244 次 |
| 最近记录: |