我正在使用 URLRouting 开发一个 ASP.NET Multi-Tenancy Web 表单应用程序。
使用 formsAuthentication 一切都很完美。
当我切换到 OWIN Cookie 身份验证并请求安全页面时,我收到以下错误,但它应该重定向到登录页面。
[HttpException (0x80004005): An error occurred while accessing the resources required to serve this request. You might not have permission to view the requested resources.]
System.Web.Routing.UrlRoutingModule.PostResolveRequestCache(HttpContextBase context) +9727854 System.Web.Routing.UrlRoutingModule.OnApplicationPostResolveRequestCache(Object sender, EventArgs e) +82 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
路线定义:
//Default Organisation Route
routes.MapPageRoute("",
"de/{organisation}",
"~/public/default.aspx",
true,
null,
new RouteValueDictionary { { "organisation", organisationConstraint } });
routes.MapPageRoute("",
"de/{organisation}/profile",
"~/secure/profile.aspx",
true,
null,
new RouteValueDictionary { { "organisation", organisationConstraint } });
网络配置:
<system.web>
<compilation debug="true" targetFramework="4.5.0" />
<httpRuntime targetFramework="4.5.0" />
<authorization>
<deny users="?"/>
</authorization>
<authentication mode="None"></authentication>
<sessionState mode="Off"></sessionState>
</system.web>
<location path="de">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="public">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
启动类:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
CookieSecure = CookieSecureOption.SameAsRequest,
LoginPath = new PathString("/public/login.aspx")
});
我必须实现 facebook 身份验证,但我无法使用默认的 CookieAuthentication 来处理它。
如何将 OWIN 与我的 URL 结构结合使用?
最佳答案
我在这里找到了我的解决方案:https://msdn.microsoft.com/en-us/magazine/dd347546.aspx
如果您使用 MapPageRoute,由于嵌套的 URL 结构,PageRouteHandler 中可能存在错误:
de/{organisation} --> is allowed
de/{organisation}/profile --> not allowed
如果您编写自己的 RouteHandler 并使用 UrlAuthorizationModule.CheckUrlAccessForPrincipal 一切都会按预期工作。
routes.Add("", new Route("de/{organisation}/profile",
null,
new RouteValueDictionary { { "organisation", organisationConstraint } },
new WebFormRouteHandler("~/secure/profile.aspx", true)));
public class WebFormRouteHandler : IRouteHandler
{
public WebFormRouteHandler(string virtualPath)
: this(virtualPath, true)
{
}
public WebFormRouteHandler(string virtualPath, bool checkPhysicalUrlAccess)
{
this.VirtualPath = virtualPath;
this.CheckPhysicalUrlAccess = checkPhysicalUrlAccess;
}
public string VirtualPath { get; private set; }
public bool CheckPhysicalUrlAccess { get; set; }
public IHttpHandler GetHttpHandler(RequestContext requestContext)
{
if (this.CheckPhysicalUrlAccess && !UrlAuthorizationModule.CheckUrlAccessForPrincipal(this.VirtualPath, requestContext.HttpContext.User, requestContext.HttpContext.Request.HttpMethod))
{
requestContext.HttpContext.Response.StatusCode = (int)System.Net.HttpStatusCode.Unauthorized;
requestContext.HttpContext.Response.End();
}
var display = BuildManager.CreateInstanceFromVirtualPath(this.VirtualPath, typeof(Page)) as IHttpHandler;
return display;
}
}
关于asp.net - 使用 URLRouting 从 FormsAuthentication 迁移到 OWIN 后,安全页面上出现 HTTPException - 不重定向到 LoginPath,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29899413/