How to preserve the parameters in the URL after a redirect to login.aspx

Time: 2022-10-20 08:25:12

I have the following route:

{language}/{controller}.mvc/{action}/{id}

Once a user has chosen the language, it is then maintained in the route-value language.

http://localhost:4000/de/Account.mvc/Register

I have a problem if a user hits a page that needs authorization. He is then redirected to http://localhost:4000/Account.mvc/Login?ReturnUrl=%2fde%2fAccount.mvc%2fProfileData

The login page is configured in web.config and does not allow for a parameter from the route. The page after login is ok (http://localhost:4000/de/Account.mvc/ProfileData) but the login-page itself has no route-value language.

How can I fix this?

EDIT

I used the answer of Darin, but had to include all the code from the original Authorize filter (AuthorizeAttribute.cs). The reason is documented in that file. It handles the case where an unauthorized user might get a secured page from the cache.

Here is the comment in the code:

            // ** IMPORTANT **
            // Since we're performing authorization at the action level, the authorization code runs
            // after the output caching module. In the worst case this could allow an authorized user
            // to cause the page to be cached, then an unauthorized user would later be served the
            // cached page. We work around this by telling proxies not to cache the sensitive page,
            // then we hook our custom authorization code into the caching mechanism so that we have
            // the final say on whether a page should be served from the cache.

1 solution

#1


The problem with forms authentication is that you cannot have a dynamically configured login URL. That's just the way the ASP.NET team designed the framework. At some moment the FormsAuthentication.RedirectToLoginPage method will be called, which will just redirect to the hardcoded URL in web.config.

I can see two possible workarounds:

  1. Don't store language in the url but in a cookie
  2. Write a custom ActionFilter that redirects to a dynamically constructed login page if user is not authenticated

Here's an example using a custom attribute:

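using System;
using System.Security.Principal;
using System.Web.Mvc;

// Authorization filter that replaces the fixed web.config login redirect
// with a redirect whose target is computed per request.
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class RequiresAuthenticationAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        IPrincipal user = filterContext.HttpContext.User;
        if (!user.Identity.IsAuthenticated)
        {
            // Placeholder: build the login URL from the current route values (e.g. language).
            filterContext.Result = new RedirectResult("CALCULATE YOUR LOGIN URL HERE FROM ROUTES");
        }
    }
}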
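
An added example, not part of the original question or answer: a filter that derives from AuthorizeAttribute, so the output-cache handling quoted in the question's EDIT is inherited rather than copied, and that builds the login redirect from the language route value. It assumes ASP.NET MVC 2 or later (where HandleUnauthorizedRequest can be overridden); the class name, the language list, the default language and the Account/Login names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Routing;

// Added example; class name, language list and controller/action names are assumptions.
public class LocalizedAuthorizeAttribute : AuthorizeAttribute
{
    // Only these values may flow from the request URL into the redirect target.
    private static readonly HashSet<string> SupportedLanguages =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "de", "en" };

    private const string DefaultLanguage = "en";

    // Called by the inherited OnAuthorization after its checks fail. The base
    // class has already registered its cache validation callback by then.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed in but not permitted (Roles/Users mismatch): keep the
        // framework's default result instead of sending the user to login again.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // The language segment is user-controlled; fall back if it is not on the list.
        string language = filterContext.RouteData.Values["language"] as string;
        if (language == null || !SupportedLanguages.Contains(language))
        {
            language = DefaultLanguage;
        }

        // RawUrl is the path and query of the current request, not a full URL.
        var routeValues = new RouteValueDictionary
        {
            { "language", language },
            { "controller", "Account" },
            { "action", "Login" },
            { "ReturnUrl", filterContext.HttpContext.Request.RawUrl }
        };

        // Resolved against the route table, e.g. {language}/{controller}.mvc/{action}/{id}.
        filterContext.Result = new RedirectToRouteResult(routeValues);
    }
}
```

The Login action should still confirm that ReturnUrl is local (for example with Url.IsLocalUrl in MVC 3 and later) before redirecting to it after sign-in.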
