拒绝访问查询字符串太长答案

【问题标题】：Access Denied query string too long拒绝访问查询字符串太长
【发布时间】：2018-02-11 10:18:52
【问题描述】：

我正在开发一个 Asp.Net Core 应用程序。我使用内置身份进行登录、角色、授权和身份验证。我正在 Windows 机器上使用 IIS Express 进行开发/测试/调试。当我以非管理员用户身份登录并尝试导航到只有管理员可以访问的 URL（整个控制器上的授权属性）时，应用程序重定向到访问被拒绝的 URL，但随后我收到一条错误消息说url查询字符串太长。检查网址后，它似乎有重复的部分。我将尝试将其粘贴在下面。我应该将此报告为错误，还是可以更改设置以防止它发生？

https://localhost:44383/Account/AccessDenied?ReturnUrl=%2FAccount%2FAccessDenied%3FReturnUrl%3D%252FAccount%252FAccessDenied%253FReturnUrl%253D%25252FAccount%25252FAccessDenied%25253FReturnUrl%25253D%2525252FAccount%2525252FAccessDenied%2525253FReturnUrl%2525253D%252525252FAccount%252525252FAccessDenied%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FAccessDenied%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FAccessDenied%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FAccessDenied%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FAccessDenied%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FAccessDenied%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FAccessDenied%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FAccessDenied%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FAccessDenied%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FAccessDenied%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FAccessDenied%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FAccessDenied%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FAccessDenied%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FAccessDenied%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAdmin%2525252525252525252525252525252525252FEditUser%2525252525252525252525252525252525252Ff61bbba3-42b5-4831-8ff1-4d92e42d5d99

【问题讨论】：

好的，看来我需要在启动中间件中设置重定向 url。 stackoverflow.com/a/38266682/4679704
也检查一下ASP.Net Core maxUrlLength
这里有一个无限的重定向循环。您的页面重定向到接受定义，然后一次又一次地重定向。您可以看到 ReturlUrl 重复多次，直到它太大并失败并显示错误消息
也许你的Account/AccessDenied 似乎 /Account/AccessDenied 需要登录用户。重定向发生时您是否已登录？您是否偶然对前端和管理面板进行了两种不同的身份验证？（使用不同的身份验证方案）？发布您的身份配置可能会有所帮助
重定向只是表明当前登录的用户无权访问/Account/AccessDenied。默认模板在 Account 控制器上除了 [Authorize] 之外没有其他限制（这意味着：任何登录用户

标签： asp.net-core asp.net-core-2.0

【解决方案1】：

您收到的 url 有一个无限的重定向循环，每个循环再次添加 url 并传递给自己。

在默认的 ASP.NET Core 标识模板中，AccountController 具有[Authorize] 属性，这意味着任何登录用户都可以访问它。

您在尝试访问 /Account/AccessDenied 路由/操作时被重定向的事实意味着登录的用户没有访问它的权限。

当您使用不同的身份验证方案 [Authorize(Scheme = "SomethingElse")] 或在您的情况下（来自您的上一条评论）需要特殊组 [Authorize(Roles = "Something")] 时，可能会发生这种情况。

即使您有正当理由在控制器级别更改它，您也应该能够设置

[HttpGet]
[Authorize]
public IActionResult AccessDenied(string returnUrl) { ... }

对其进行例外处理或使用

[HttpGet]
[AllowAnonymous]
public IActionResult AccessDenied(string returnUrl) { ... }

这将允许任何用户访问它。

【讨论】：