Basic 或 Windows 身份验证的无限重定向循环？

Question

我正在开发一个新的 ASP.NET 应用程序。在 IIS8 上，如果我禁用匿名访问并启用基本或 Windows 身份验证，它会进入无限重定向循环并在浏览器中断循环后到达以下 URL：

https://XXXXXX.com/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252F

凭据框永远不会弹出。有什么问题？

Answer 1

我遇到了同样的问题，但我只是通过在我的登录控制器之前添加 [AllowAnonymous] 来解决它。它可能并不适合所有人，但也许就是这样。

Answer 2

检查 IIS 应用程序池中的“空闲超时”小步舞曲，高级设置。如果它不大于您的系统会话超时，请将其设置为更大的数字。

例如，如果您将会话超时值设置为 30 ，则将 IIS 应用程序池中的“空闲超时”小步舞曲设置为超过 30+。 IIS 应用程序池中的默认“空闲超时”小步舞曲通常为 20。

Answer 3

我修好了。您必须做的第一件事是在 IIS 和 Visual Studio 项目上启用 Windows 身份验证并禁用匿名（在解决方案资源管理器和属性窗口中选择根项目节点以禁用匿名访问并启用 Windows 身份验证）。接下来，将以下行添加到您的 web.config：

<system.webServer>
  <modules>
    <remove name="FormsAuthenticationModule" />
    <remove name="FormsAuthentication" />
  </modules>
</system.webServer>

接下来打开 App_Start/Startup.Auth.cs 并注释掉（或删除）以下内容：

        // Enable the application to use a cookie to store information for the signed in user
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });
        // Use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

接下来，发布到您的网络服务器，您应该能够在没有重定向错误的情况下登录！

Answer 4

可能在您的 machine.config 文件或您的全局 web.config 中，使用此 url 作为身份验证页面启用表单身份验证。

Answer 5

通过禁用匿名访问，使login 的页面在未经身份验证的情况下不允许查看。

因此系统尝试通过在登录页面上重定向用户来验证用户身份，但由于无法允许登录页面，因此永远感觉在此循环中。