为什么 ASP.NET MVC MapRoute 会弹出 Windows 身份验证对话框?
这让我很困惑,我认为这可能是微软 MVC 实现中的一个错误。 我正在使用 VS2008 SP1 构建一个 MVC 网站。 为了尝试锁定我的网站,我将控制器编辑为如下所示:
1 public class IdeaController : Controller
2 {
3 [Authorize(Users = "whozmom")]
4 public ActionResult Index(string zapp, int? page)
我正在使用 ASP.NET 成员资格和表单身份验证。 当我将代码发布到主机时,它会弹出一个 Windows 身份验证对话框。 我一直在绞尽脑汁试图找出我可能做了什么编辑导致了这种情况。 我几乎完全重写了我的应用程序,试图解决这个问题,并将其范围缩小到 Global.asax.cs 文件中的一项更改。 首先让我向您展示有缺陷的版本(的相关部分):
1 routes.MapRoute(
2 "Ideas",
3 "{zapp}/{page}/",
4 new { controller = "Idea", action = "Index", zapp = "Office", page = "" }
5 );
6
7 routes.MapRoute(
8 "Default", // Route name
9 "{controller}/{action}/{id}", // URL with parameters
10 new { controller = "Idea", action = "Index", id = "" } // Parameter defaults
11 );
当我在本地使用此路由运行代码时,我的浏览器只是显示空白......登录页面从未显示。 如果我在主机上运行应用程序,它会弹出一个 Windows 身份验证对话框。 如果我将路由更改为:
1 routes.MapRoute(
2 "Ideas",
3 "Ideas/{zapp}/{page}/",
4 new { controller = "Idea", action = "Index", zapp = "Office", page = "" }
5 );
6
7 routes.MapRoute(
8 "Default", // Route name
9 "{controller}/{action}/{id}", // URL with parameters
10 new { controller = "Idea", action = "Index", id = "" } // Parameter defaults
11 );
一切正常。 请注意第 3 行的编辑,在我的 URL 字符串前面添加“Ideas/”。 谁可以给我解释一下这个? 我还可以通过从控制器中删除授权行(上面的第 3 行)来解决问题,但当然我会失去安全性。
更新:这是我的完整会员部分:
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider,
System.Web,
Version=2.0.0.0,
Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ApplicationServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/" />
</providers>
</membership>
This one has me stumped, and I think it might be a bug in Microsoft's MVC implementation. I am building a MVC website using VS2008 SP1. In an attempt to lockdown my website I edited my controller to look like this:
1 public class IdeaController : Controller
2 {
3 [Authorize(Users = "whozmom")]
4 public ActionResult Index(string zapp, int? page)
I am using ASP.NET membership and forms authentication. When I publish my code to my host it pops up a Windows authentication dialog box. I've been racking my brains trying to figure out what edit I might have done to cause this. I've pretty much completely rewrote my application trying to figure this out and have narrowed it down to one change in my Global.asax.cs file. First let me show you (the relevant portion of) the bugged version:
1 routes.MapRoute(
2 "Ideas",
3 "{zapp}/{page}/",
4 new { controller = "Idea", action = "Index", zapp = "Office", page = "" }
5 );
6
7 routes.MapRoute(
8 "Default", // Route name
9 "{controller}/{action}/{id}", // URL with parameters
10 new { controller = "Idea", action = "Index", id = "" } // Parameter defaults
11 );
When I run my code with this route locally my browser just comes up blank...the Logon page never shows. If I run my application on my host, it pops up a Windows authentication dialog box. If I change my routing to instead be:
1 routes.MapRoute(
2 "Ideas",
3 "Ideas/{zapp}/{page}/",
4 new { controller = "Idea", action = "Index", zapp = "Office", page = "" }
5 );
6
7 routes.MapRoute(
8 "Default", // Route name
9 "{controller}/{action}/{id}", // URL with parameters
10 new { controller = "Idea", action = "Index", id = "" } // Parameter defaults
11 );
Everything works fine. Notice the edit on line #3, adding "Ideas/" in front of my URL string. Can someone explain this to me? I can also fix the problem by removing the Authorize line from my controller(line #3 above), but then of course I lose my security.
UPDATE: Here is my full membership section:
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider,
System.Web,
Version=2.0.0.0,
Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ApplicationServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/" />
</providers>
</membership>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在我看来,这是由错误配置的路由引起的。 您是否正确配置了登录页面的路由? 也许可以尝试 Phil Haack 的 RouteDebugger:RouteDebugger 2.0
It seems clear to me that this is caused by an incorrectly configured route. Do you have the route to your login page correctly configured? Maybe try RouteDebugger by Phil Haack: RouteDebugger 2.0