1

当他们访问管理员页面时,我试图将未经授权的用户重定向到自定义页面,但我收到错误..

管理员文件夹的 Web.Config

<?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <allow roles="Administrators" />
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

登录页面代码:

protected void Page_Load(object sender, EventArgs e)
        {
            if (!Page.IsPostBack)
            {
                if (Request.IsAuthenticated && !string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
                    Response.Redirect("~/ErrorUNTH.aspx");
            }
}

错误以普通用户身份登录并访问管理员页面后:

Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="Off"/>
    </system.web>
</configuration>


Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>
4

2 回答 2

2

删除 <deny users="*"/>和添加<deny users="?"/>

  1. ?- 匿名用户
  2. *- 所有用户

并从事件中删除代码。Page_Load

如果用户未登录,则将自动重定向到login.aspx。看看<authentication>root 的部分web.config

<authentication mode="Forms">
        <forms loginUrl ="mylogin.aspx"/> <!-- You can change the url -->
</authentication>
于 2012-07-20T10:38:00.930 回答
0

您可以通过在 Global.asax.cs 的 Application_EndRequest 事件中添加以下代码来操作“401 Access Denied”响应的内容(如果是这种情况):

protected void Application_EndRequest(Object sender, 
                                             EventArgs e)
  { 
     HttpContext context = HttpContext.Current;
     if (context.Response.Status.Substring(0,3).Equals("401"))
     {
        context.Response.ClearContent();
        context.Response.Write("<script language="javascript">" + 
                     "self.location='../login.aspx';</script>");
     } 
  }

当浏览器识别 401 并且没有凭据时,将发生客户端重定向。浏览器将显示自定义 401 页面。

于 2012-07-20T10:48:12.540 回答