首页 新闻 搜索 专区 学院

请教web api寄宿在web form中,无法访问登陆验证的controller问题

0
悬赏园豆:5 [待解决问题]

web api寄宿在web form中,增加了一个用于登陆验证的 AccountController,但是由于整个站点应用了 form验证,所以无法访问到action。

如果将form验证的 loginUrl设置成AccountController的action login,登录时可以访问到action。但是如果访问非loginUrl页面,则无法自动跳转到登陆页面

 

我再controller文件夹下增加web.config,但仍旧无法访问

<authorization>
<allow users="*"/>
</authorization>

 

整个站点的web.config做了如下配置

<authorization>
<deny users="?"/>
</authorization>

 

如果去掉该配置,则可以访问匿名访问 action

问题补充:

在stackoverflow查到一个和我一样的问题,贴过来

 http://stackoverflow.com/questions/14017595/web-api-anonymous-service-access-with-forms-authentication

I am trying to determine how to configure access to a Web API controller service under forms authentication. If I add authorization configuration to deny all anonymous users by adding the authorization element:

<authorization>
   <!-- Deny all anonymous users -->
   <deny users="?" />
</authorization>

Only the login page is accessible as expected. But I would also like access to a list returned from a controller. I added the [AllowAnonymous] attribute to a simple service that returns values used to populate a drop down menu. For example:

namespace WebAPI.Controllers {

public class RegisterController : ApiController {

[AllowAnonymous]

public List<ListElement> GetActivitiesList()

{ List<ListElement> li = new List<ListElement>(); li.Add(new ListElement() { Id = 1, Text = "Item 1" }); li.Add(new ListElement() { Id = 2, Text = "Item 2" }); li.Add(new ListElement() { Id = 3, Text = "Item 3" }); return li; } } }

I added the controllers directory to the allowed list in the web.config:

<location path="Controllers">
   <system.web>
   <authorization>
      <allow users="*" />
   </authorization>
   </system.web>
</location>

If I browse my sample page to invoke the controller, forms authentication still denies access with a 302 redirect to the login page, even if I add the [AllowAnonymous] attribute. If I remove the authorization element "<deny users="?" />" for the entire site, I can control access using the [Authorize] and [AllowAnonymous] attributes.

The objective is to be able to use specific services on a few pages (like registration) for anonymous users, while the rest of site access is restricted to authenticated users. Accessing a service is not exactly the same as accessing a file, so my guess is that I have to write a special handler for this situation, but I am not sure as to how to go about it.

3b阿当的主页 3b阿当 | 初学一级 | 园豆:12
提问于:2015-03-10 10:58
< >
分享
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册