我對在 ASP.NET MVC 5 中實現角色有點束手無策。我正在嘗試以不具有訪問我要訪問的應用程序區域所需角色的使用者身份登錄。在這種情況下，我所期望的是，我會再次重定向到登錄頁面，直到我輸入一組可以訪問的憑據或導航到應用程序的另一個區域。

實際發生的情況是應用程序似乎進入了登錄重定向循環，調試顯示登錄操作被多次呼叫。

這是登錄操作：

[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
   ViewBag.ReturnUrl = returnUrl;
   return View();
}

這會導致 IIS 生成錯誤：

HTTP Error 404.15 - Not Found
The request filtering module is configured to deny a request where the query string is too long.

查詢字元串如下所示：

http://localhost/MyApplication/Account/Login?ReturnUrl=%2FMyApplication%2FAccount%2FLogin%3FReturnUrl%3D%252FMyApplication%252FAccount%252FLogin%253FReturnUrl%253D%25252FMyApplication%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FMyApplication%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FMyApplication%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FMyApplication%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FMyApplication%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FMyApplication%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FMyApplication%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FMyApplication%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FMyApplication%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FMyApplication%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FMyApplication%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FMyApplication%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FMyApplication%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FMyApplication%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FMyApplication%252525252525252525252525252525252F

我從一個工作解決方案（儘管沒有基於角色的授權）到我目前的損壞情況所做的唯一更改是在成功登錄時重定向到的控制器上方添加以下內容：

[Authorize(Roles = "Staff")]

正如我之前所說，我登錄的使用者不是這個角色，但我希望一個理智的、單一的重定向到登錄，沒有循環。

編輯：請求bu @dima，通過過濾器應用的授權細節……我有以下內容：

public class FilterConfig
{
   public static void RegisterGlobalFilters(GlobalFilterCollection filters)
   {
       filters.Add(new HandleErrorAttribute());
       filters.Add(new AuthorizeAttribute());
   }
}

但是，我已經測試了有無這條線的應用程序，並且重定向循環繼續有增無減。

雖然這個問題很老，但我遇到了同樣的問題並找到了解決方案。

最初，我添加了相同的 AuthorizationAttribute 過濾器，並發現自己處於相同的循環中。然後我把它拿走，開始給各個控制器添加授權屬性，發現只有在我的家庭控制器添加授權屬性時才會發生無限循環。事實證明，在我HomeController的.AccountController

問題

---

在我的_Layout.cshtml中，我正在呼叫以下內容：

@Html.Action("LeftNav", "Home")

佈局頁面將正確呈現主體，但是當它到達此位置時，它遇到了一個具有授權屬性的控制器方法。這導致重定向到Account/Login.

將AllowAnonymous屬性添加到LeftNav操作解決了該問題。

解決方案

---

確保您的Login視圖和佈局不呼叫任何具有授權屬性的操作。

自從發現這一點以來，我為我的未經授權的請求創建了一個自定義佈局，以避免更多類似的潛在問題。

引用自：https://stackoverflow.com/questions/23107030