c# - 身份验证超时后单击注销时找不到资源错误

Question

我使用 ASP.NET 4 SimpleMembership 提供的默认身份验证方法。我没有在 web.config 文件中设置身份验证超时，我使用以下代码设置超时:

int timeout = model.RememberMe ? 2880 : 10; // Timeout in minutes, if rememberme is checked it's 2 days else 10 minutes
                    var ticket = new FormsAuthenticationTicket(model.UserName, model.RememberMe, timeout);
                    string encrypted = FormsAuthentication.Encrypt(ticket);
                    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
                    cookie.Expires = System.DateTime.Now.AddMinutes(timeout);
                    cookie.HttpOnly = true; 
                    Response.Cookies.Add(cookie);

一切正常，除了在名为 _LoginPartial.cshtml 的共享 View 中的注销链接，它的代码是:

@if (Request.IsAuthenticated)
{
    <text>
    Hello, @Html.ActionLink(User.Identity.Name, "Manage", "Account", routeValues: null, htmlAttributes: new { title = "Manage" })!
        @using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm" }))
        {
            @Html.AntiForgeryToken()
            <a href="javascript:document.getElementById('logoutForm').submit()">Log off</a>
        }
    </text>
}
else
{
    <ul>
        <li>@Html.ActionLink("Log in", "Login", "Account", routeValues: null, htmlAttributes: new { id = "loginLink" })</li>
    </ul>
}

当没有发生超时时，注销工作正常。当身份验证在 10 分钟后超时并且用户单击注销按钮时，用户将被重定向到具有 url 的登录页面

http://localhost:11408/Account/Login?ReturnUrl=%2fAccount%2fLogOff

用户登录后，重定向到url:

http://localhost:11408/Account/LogOff

并出现以下错误:

Server Error in '/' Application.

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly. 

Requested URL: /Account/LogOff

我是 ASP.NET MVC 的新手，我不确定如何处理它。以下是我的路由配置:

public class RouteConfig
    {
        public static void RegisterRoutes(RouteCollection routes)
        {
            routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

            routes.MapRoute(
                name: "Default",
                url: "{controller}/{action}/{id}",
                defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
            );
        }
    }

我该如何解决这个问题？ :O

Answer 1

问题是 LogOff 没有实际页面 - 它只是一个服务器端方法。所以你不应该从登录方法重定向到那里。您可以通过更改登录方法以包括检查来解决此问题，以确保在超时到期后永远不会无意中调用注销方法。

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
        {
            if (returnUrl != null && returnUrl.ToLowerInvariant().StartsWith("/account/logoff"))
            {
                return RedirectToLocal("/Account"); // Redirect to your default account page
            }
            return RedirectToLocal(returnUrl);
        }

        // If we got this far, something failed, redisplay form
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View(model);
    }