ASP.NET SqlMembershipProvider 无限循环?
我正在尝试使用 很少 教程 我发现了 ASP.NET v2.0 中的成员资格提供程序范例。 我已按照教程中的示例进行操作,但似乎无法使 FormsAuthentication.RedirectFromPage 方法正常工作。 当我尝试登录时,将通过 Membership.ValidateUser 验证用户凭据,但页面会发送回 Login.aspx 而不是 Default.aspx。 以下是我的 web.config 中的相关片段:
...
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" timeout="60" name="POTOKCookie" requireSSL="false" path="/FormsAuth"
slidingExpiration="true" cookieless="UseCookies" enableCrossAppRedirects="false" defaultUrl="~/Default.aspx"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>
...
<membership defaultProvider="CustomizedProvider">
<providers>
<clear />
<add name="CustomizedProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LoginDB2"
applicationName="POTOK"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0" />
</providers>
</membership>
我已验证我的连接字符串是否正确(因为 Membership.ValidateUser 似乎工作得很好),并且正在我的 Login.aspx 上的 UI 中使用 ASP.NET 登录控件页。 这是身份验证事件处理程序代码:
Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
If (Membership.ValidateUser(Login1.UserName, Login1.Password)) Then
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)
End If
End Sub
当我访问 url (http://localhost/Project) 时,我会被带到: http://localhost/Project/Login.aspx 在“登录”之后我的网址是: http://localhost/Project/Login.aspx?ReturnUrl=%2fProject% 2fDefault.aspx
我是否错过了配置步骤?
I am trying to configure authentication using a few tutorials I have found on the Membership Providers paradigm found in ASP.NET v2.0. I've followed the examples in the tutorial but can't seem to get the FormsAuthentication.RedirectFromPage method to work appropriately. When I attempt a login, the user credentials are validated via Membership.ValidateUser but the page is sent back to Login.aspx instead of Default.aspx. Here is the relevant snippet from my web.config:
...
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" timeout="60" name="POTOKCookie" requireSSL="false" path="/FormsAuth"
slidingExpiration="true" cookieless="UseCookies" enableCrossAppRedirects="false" defaultUrl="~/Default.aspx"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>
...
<membership defaultProvider="CustomizedProvider">
<providers>
<clear />
<add name="CustomizedProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LoginDB2"
applicationName="POTOK"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0" />
</providers>
</membership>
I've verified that my connection string is correct (since Membership.ValidateUser seems to be working just fine) and am using the ASP.NET Login control for the UI on my Login.aspx page. Here is the authenticate event handler code:
Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
If (Membership.ValidateUser(Login1.UserName, Login1.Password)) Then
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)
End If
End Sub
When I visit the url (http://localhost/Project) I am taken to: http://localhost/Project/Login.aspx and after the "login" my url is: http://localhost/Project/Login.aspx?ReturnUrl=%2fProject%2fDefault.aspx
Did I miss a configuration step?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
问题出在 path="/FormsAuth" 参数中。
删除此变量并重试
阅读这篇文章了解为什么路径可以错误
来自MSDN:
路径 - 可选属性。 指定应用程序发出的 cookie 的路径。 默认值是斜杠 (/),因为大多数浏览器区分大小写,如果路径大小写不匹配,则不会发回 cookie。
注意:路径属性区分大小写。 因此,如果将path属性的值设置为/application1,并且应用程序名称为Application1,则身份验证cookie路径为/application1。
因此,如果您想使用路径属性,您应该将其设置为“/project”,因为 Project 是您的应用程序的名称(据我所知)。 但我认为当您使用不同的 cookie 名称时不需要有不同的路径(即在此应用程序中 name="POTOKCookie",我希望与安装在同一主机上的其他 ASP.NET 应用程序不同)
请参阅 PRB:表单身份验证请求未定向到 loginUrl 页面
The problem is in path="/FormsAuth" parameter.
Remove this variable and try again
Read this post about why path can be wrong
From MSDN:
path - Optional attribute. Specifies the path for cookies that are issued by the application. The default is a slash (/), because most browsers are case-sensitive and will not send cookies back, if there is a path case mismatch.
NOTE: The path attribute is case sensitive. Therefore, if the you set the value of the path attribute to /application1, and if the application name is Application1, the authentication cookie path is /application1.
So if you want to use path property, you should set it to "/project" because Project is the name of your application (as far as I understood). But I don't think you need to have different paths when you use different cookies names (i.e. name="POTOKCookie" in this application, i hope will be different from other ASP.NET applications installed on the same host)
See PRB: Forms Authentication Requests Are Not Directed to loginUrl Page
如果您使用具有 ASP.NET 成员资格的登录控件,则无需编写代码来执行身份验证。 但是,如果您想创建自己的身份验证逻辑,则可以处理登录控件的 Authenticate 事件并添加自定义身份验证代码。
因此,我建议您只需删除 Login1_Authenticate 事件,因为它可以完成双重工作,我认为,因为控件本身负责调用 ValidateUser 和重定向。
另请检查登录控件的 DestinationPageUrl 属性。
如果您没有为 DestinationPageUrl 属性指定值,则用户在成功登录后将被重定向到用户请求的原始页面。因此,在您的情况下,不应设置此属性。
If you use the Login control with ASP.NET membership, you do not need to write code to perform authentication. However, if you want to create your own authentication logic, you can handle the Login control's Authenticate event and add custom authentication code.
So, I suggest you simply delete Login1_Authenticate event as far as it does the double work, I think, because control itself is responsible for calling ValidateUser and redirection.
Also check DestinationPageUrl property of the Login control
If you do not specify a value for the DestinationPageUrl property, the user will be redirected to the original page the user requested after successfully logging in. So in your case this property should not be set.