ASP.Net MVC 标识无限重定向循环

Question

我有一个 ASP.Net MVC5 应用程序，根据 ASP.Net Identity 2.0.0 使用 Identity "out of the box" 模板。我需要升级它以使用最新 ASP.Net MVC 模板中的更新代码，即使用 SignInManager class.

我对我原来的应用程序中的代码和最新生成的模板做了一些 A|B 比较，并移植了所有我能看到的不同之处。

但是，我收到一个奇怪的错误，我怀疑与 OWIN 相关。当我尝试登录或注册时，它会触发一个重定向循环，最终使应用程序崩溃并发出安全警告，因为 URL 查询字符串已将自身连接到死。

---

URL 是： https://localhost:44302/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FAccount%252525252525252525252525252525252525252FLogin

详细错误信息：

模块 RequestFilteringModule

通知 开始请求

处理程序 ExtensionlessUrlHandler-Integrated-4.0

错误代码 0x00000000

---

我在所有方法中引用 ReturnUrl 时都使用了完全相同的设置。

在大多数情况下，我的应用程序的原始 AccountController 和相关的安全代码并未从原始模板中受到影响。 我较新的示例应用程序在我的本地机器上运行良好，所以我不确定差异在哪里。

我看到帖子暗示 IIS Express 配置是罪魁祸首，但我遵循了清理建议，并将相同的结果发布到 Azure 站点。

我花了很多时间试图解决这个问题，但没有取得任何成功，所以我想我应该把它放在那里寻求一些建议……在此先感谢您提供的所有帮助。如果您需要查看更多代码，请告诉我。

Answer 1

我认为您的登录操作缺少 [AllowAnonymous] 属性。

Answer 2

您在本地设置了 SSL 吗？ 在 HTTPS 上进行身份验证，然后被重定向到 HTTP，这会杀死 cookie 并重定向回 HTTPS 登录页面

您是否在 web.config 中获得了用于表单身份验证重定向的内容，例如

  protection="All" requireSSL="true" loginUrl="~/Account/Login.aspx"

你的饼干看起来还好吗？

Answer 3

已解决...原来罪魁祸首是我的 Unity DI 配置。

我深入研究发现每次重定向都会递归抛出错误，这表明 AccountController 依赖项没有被实例化。去年我遇到了类似的问题 Unity Container trying to resolve non registered type, throwing error ，所以我进一步研究了更改后的依赖项。

按照 Register IAuthenticationManager with Unity 中的建议答案解决了问题。

感谢关于 SSL/HTTPS/过滤器的建议，调查这些让我发现了异常。

Answer 4

我之前也遇到过同样的问题，通过在网络配置中添加这一行来解决

<add key="owin:AutomaticAppStartup" value="false"/>

它将禁用 OWIN 启动发现。

希望有用。

同时检查 IIS 虚拟目录。检查匿名用户是否启用，如果禁用则启用它，问题将得到解决。