Form Authentication and XmlDocument.Load

元气小坏坏 提交于 2020-01-30 11:25:47

问题


I'm running an asp.net web application with c#. The following is used: - Windows 2003 server - IIS6.0 - .net Framework 2.0.50727

I'm trying to implement Forms Authentication and have entered the following code in the Web.Config file:

<authentication mode="Forms"> 
  <forms loginUrl="01_Login.aspx" 
         name=".ASPXFORMSAUTH" 
         defaultUrl="02_PendingDoc.aspx" 
         timeout="120" 
         path="/" 
         protection="All" 
         enableCrossAppRedirects="true"> 
  </forms> 
</authentication> 

<authorization> 
  <deny users="?"/> 
  <allow users="*"/> 
</authorization> 

The login is working as expected, the users can't access any pages other than the 01_Login.aspx until they logged in with a valid username and password. When the user provides the correct login details the following code is done:

FormsAuthentication.RedirectFromLoginPage(logLogin.UserName, false);

However, when the user clicks on a button the following code is run:

//Load xml file into XMLDocument object 
XmlDocument xmlDoc = new XmlDocument(); 

try 
{ 
        xmlDoc.Load("SearchConfig.xml"); 
} 
catch (XmlException e) 
{ 
      Console.WriteLine(e.Message); 
} 

The xmlDoc.Load function above will fail and create an XmlException with the following message "{"Expected DTD markup was not found. Line 5, position 3."}". I have also tried to comment out the following part of the Web.Config file:

<deny users="?"/>

And then the xmlDoc.Load function works, but of course, then the users can access all of my applications pages.

Anyone, that have any idea what I've done wrong?


回答1:


<?xml version="1.0"?>
<BankSearch><SearchColumns>
    <Column>
        <Name>Bank_Name</Name>
        <Control>TextBox</Control>
        <Description>Bank Name</Description>
    </Column>
</SearchColumns>
<SearchStoredProc Name="usp_BankSearch">
    <Parameter1 control="txtBank_Name">@Bank_Name</Parameter1>
</SearchStoredProc>
<DisplayColumns>
    <Column HeaderText="Bank Name" HyperLinkColumn="True" NavigateUrl="~/Bank/Bank.aspx"  NavigateUrlFields="Bank_Id"   QueryStrings="BID">Bank_Name</Column>       
    <Column HeaderText="Bank Address">Bank_Address</Column>
    <Column HeaderText="Bank Email Id">BANK_EMAIL_ID</Column>
    <Column HeaderText="Bank Phone">Bank_Phone</Column>
    <Column HeaderText="Bank Fax">BANK_FAX_NO</Column>
    <Column HeaderText="City">City</Column>
    <Column HeaderText="Postal Code">POSTAL_CODE</Column>
    <Column HeaderText="State">STATE_NAME</Column>
    <Column HeaderText="Country">Country_Name</Column>              
</DisplayColumns>




回答2:


if you are using forms authentication, even if you are already logged in, xmlDocument is going to the loging page first. This page is not an XML file. Hence the exception. I saw a suggestion that this could work:

void Main()
{
    XmlUrlResolver resolver = new XmlUrlResolver();
    resolver.Credentials = CredentialCache.DefaultCredentials;

    var x = new XmlDocument();
    x.XmlResolver = resolver;
    x.Load("https://yourUrl");
}

It sounds like a good advice but i could not get it work. I will try to get the xml using a web request instead. Because when I use a web browser, the xml is returned without needing to log on again through forms authentication.


Finally found the solution. As I explained this is due to using forms authentication. I was thinking once HTTPS is established all communication from the application will have authorization automatically. However, calls to back-end applications require authentication. That is why instead of getting back the xml I was getting an html page which is the login page. I managed to bypass the forms authentication by adding the authentication cookie as below:

var httpCookie = FormsAuthentication.GetAuthCookie(context.User.Identity.Name, false);
var cookie = new Cookie(httpCookie.Name, httpCookie.Value, httpCookie.Path, HttpContext.Current.Request.Url.Host);
var rq = (HttpWebRequest) WebRequest.Create(url);
rq.CookieContainer = new CookieContainer();
rq.CookieContainer.Add(cookie);
var rs = (HttpWebResponse) rq.GetResponse();                
var strm = rs.GetResponseStream();
var rdr = new StreamReader(strm);
var str = rdr.ReadToEnd();
var userDetails = new XmlDocument();                
userDetails.LoadXml(str);


来源:https://stackoverflow.com/questions/2107145/form-authentication-and-xmldocument-load

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!