I have a .aspx with a static method decorated with the [WebMethod] attribute and a ScriptManager on the page, so that the WebMethod can be called with PageMethods.MethodName(). Forms authentication is enabled.
我有一个带有[WebMethod]属性和页面上的ScriptManager的静态方法的.aspx,因此可以使用PageMethods.MethodName()调用WebMethod。表单身份验证已启用。
This works well in all scenarios except where the WebMethod is invoked on an expired session. When that happens, the service returns HTTP 401 and a username/password dialog pops up! I would much rather the user be redirected, as they are with any other request (including asynchronous postbacks). Is there a way to trap that specific condition, or to configure the application to do the right thing when presented with this case?
这适用于所有方案,除非在过期的会话上调用WebMethod。当发生这种情况时,服务返回HTTP 401并弹出用户名/密码对话框!我更愿意重定向用户,因为它们与任何其他请求(包括异步回发)有关。有没有办法捕获该特定条件,或者配置应用程序在出现此案例时做正确的事情?
edited to correct actual HTTP status code - it's an HTTP 401, not a 403
编辑以纠正实际的HTTP状态代码 - 它是HTTP 401,而不是403
2 个解决方案
#1
We havet the same problem. We resolved this by disabling Windows Authentication on IIS. That is strange, because our application is configured to use FormsAuthentication too.
我们有同样的问题。我们通过在IIS上禁用Windows身份验证来解决此问题。这很奇怪,因为我们的应用程序也配置为使用FormsAuthentication。
#2
You could setup a webservice for your application that could check IsUserAuthenticated() before you call your WebMethod. If it returns false you could then do a redirect in javascript to your login page and avoid the error. Make sure that this web service doesn't require authentication.
您可以为您的应用程序设置一个Web服务,可以在调用WebMethod之前检查IsUserAuthenticated()。如果它返回false,那么您可以在javascript中重定向到您的登录页面并避免错误。确保此Web服务不需要身份验证。
The problem is that the AuthenticateRequest event gets processed before your page ever gets control. Which means there is nothing you can do in the codebehind to solve this issue. Because it's the FormsAuthenticationModule which is rejecting the request and returning the HTTP 403.
问题是AuthenticateRequest事件在您的页面获得控制之前得到处理。这意味着您无法在代码隐藏中解决此问题。因为它是FormsAuthenticationModule,它拒绝请求并返回HTTP 403。
#1
We havet the same problem. We resolved this by disabling Windows Authentication on IIS. That is strange, because our application is configured to use FormsAuthentication too.
我们有同样的问题。我们通过在IIS上禁用Windows身份验证来解决此问题。这很奇怪,因为我们的应用程序也配置为使用FormsAuthentication。
#2
You could setup a webservice for your application that could check IsUserAuthenticated() before you call your WebMethod. If it returns false you could then do a redirect in javascript to your login page and avoid the error. Make sure that this web service doesn't require authentication.
您可以为您的应用程序设置一个Web服务,可以在调用WebMethod之前检查IsUserAuthenticated()。如果它返回false,那么您可以在javascript中重定向到您的登录页面并避免错误。确保此Web服务不需要身份验证。
The problem is that the AuthenticateRequest event gets processed before your page ever gets control. Which means there is nothing you can do in the codebehind to solve this issue. Because it's the FormsAuthenticationModule which is rejecting the request and returning the HTTP 403.
问题是AuthenticateRequest事件在您的页面获得控制之前得到处理。这意味着您无法在代码隐藏中解决此问题。因为它是FormsAuthenticationModule,它拒绝请求并返回HTTP 403。