Why is my query string so long?

 

I am using MVC 5, and just now got the following message:

"The request filtering module is configured to deny a request where the query string is too long."

Why is my query string so long?
Notice how it repeats the same information over-and-over. I am currently trying to default the [Authorize] using Global Filtering, but I haven't altered anything in the WEB.CONFIG...What would cause this?

QUERY STRING LOKS LIKE:
localhost:80/yourapplication/account/login?ReturnUrl=%2Fyourapplication%2Faccount%2Flogin%3FReturnUrl%3D%252Fyourapplication%252Faccount%252Flogin%253FReturnUrl%253D%25252Fyourapplication%25252Faccount%25252Flogin%25253FReturnUrl%25253D%2525252Fyourapplication%2525252Faccount%2525252Flogin%2525253FReturnUrl%2525253D%252525252Fyourapplication%252525252Faccount%252525252Flogin%252525253FReturnUrl%252525253D%25252525252Fyourapplication%25252525252Faccount%25252525252Flogin%25252525253FReturnUrl%25252525253D%2525252525252Fyourapplication%2525252525252Faccount%2525252525252Flogin%2525252525253FReturnUrl%2525252525253D%252525252525252Fyourapplication%252525252525252Faccount%252525252525252Flogin%252525252525253FReturnUrl%252525252525253D%25252525252525252Fyourapplication%25252525252525252Faccount%25252525252525252Flogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252Fyourapplication%2525252525252525252Faccount%2525252525252525252Flogin%2525252525252525253FReturnUrl%2525252 525252525253D%252525252525252525252Fyourapplication%252525252525252525252Faccount%252525252525252525252Flogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252Fyourapplication%25252525252525252525252Faccount%25252525252525252525252Flogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252Fyourapplication%2525252525252525252525252Faccount%2525252525252525252525252Flogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252Fyourapplication%252525252525252525252525252Faccount%252525252525252525252525252Flogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252Fyourapplication%25252525252525252525252525252Faccount%25252525252525252525252525252Flogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252Fyourapplication%2525252525252525252525252525252Faccount%2525252525252525252525252525252Flogin%25252 52525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252Fyourapplication%252525252525252525252525252525252Faccount%252525252525252525252525252525252Flogin

THE CODE LOOKS LIKE:
I am testing to see if I can default to [Authorize] everywhere & still have my custom error pages come up. However, the error mentioned above arises instead of redirecting. I have no "httpErrors" or "customErrors" entries in the WEB.CONFIG. 

protected void Application_Start()
{
    AreaRegistration.RegisterAllAreas();
    GlobalConfiguration.Configure(WebApiConfig.Register);
    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    BundleConfig.RegisterBundles(BundleTable.Bundles);
}

protected void Application_Error(object sender, EventArgs e)
{
    var exception = Server.GetLastError();
    var httpException = exception as HttpException;
    Response.Clear();
    Server.ClearError();
    var routeData = new RouteData();
    routeData.Values["controller"] = "Error";
    routeData.Values["action"] = "General";
    routeData.Values["exception"] = exception;
    Response.StatusCode = 500;
    if (httpException != null)
    {
        Response.StatusCode = httpException.GetHttpCode();
        switch (Response.StatusCode)
        {
            case 403:
                routeData.Values["action"] = "Forbidden";
                break;

            case 404:
                routeData.Values["action"] = "NotFound";
                break;

           case 500:
                routeData.Values["action"] = "UnExpected";
                break;
        }
    }

    IController errorsController = new ErrorController();
    var rc = new RequestContext(new HttpContextWrapper(Context), routeData);
    errorsController.Execute(rc);
}

public class FilterConfig
{
    #region <Methods>

    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        // FORCE: Authorize on all actions (by default)
        filters.Add(new AuthorizeAttribute());
    }

    #endregion
}

// The AUTHORIZE ATTRIBUTE is now defaulted on all actions...so we don't need it here
public class AccountController : BaseController
{
    #region <Actions>

    [HttpGet]
    // The TEST is to see the ERRORS PAGE COME UP so put nothing here
    public ActionResult Login(string returnUrl)
    {
        // The user-call should be redirected to the error page when called...but oddly isn't
    }

    #endregion
}

[AllowAnonymous]
public class ErrorsController : Controller
{
    #region <Actions>

    // GET: /Errors/Unexpected
    [HttpGet]
    [AllowAnonymous]
    public ActionResult Unexpected()
    {
        TraceHandler.TraceIn(TraceLevel.Error);

        var unitOfWork = new ApplicationUnitOfWork();
        var viewModel = new UnExpectedErrorViewModel(unitOfWork);

        Response.StatusCode = (int)viewModel.StatusCode;
        Response.TrySkipIisCustomErrors = true;

        TraceHandler.TraceOut();
        return View(viewModel);
    }

    // GET: /Errors/Forbidden
    [HttpGet]
    [AllowAnonymous]
    public ActionResult Forbidden()
    {
        TraceHandler.TraceIn(TraceLevel.Error);

        var unitOfWork = new ApplicationUnitOfWork();
        var viewModel = new ForbiddenErrorViewModel(unitOfWork);

        Response.StatusCode = (int)viewModel.StatusCode;
        Response.TrySkipIisCustomErrors = true;
        Response.SuppressFormsAuthenticationRedirect = true;

        TraceHandler.TraceOut();
        return View(viewModel);
    }

    // GET: /Errors/NotFound
    [HttpGet]
    [AllowAnonymous]
    public ActionResult NotFound()
    {
        TraceHandler.TraceIn(TraceLevel.Error);

        var unitOfWork = new ApplicationUnitOfWork();
        var viewModel = new NotFoundErrorViewModel(unitOfWork);

        Response.StatusCode = (int)viewModel.StatusCode;
        Response.TrySkipIisCustomErrors = true;

        TraceHandler.TraceOut();
        return View(viewModel);
    }

    #endregion
}

For some reason, your login page is redirecting you to the login page, which is in turn redirected to the login page and...

Are you using the standard Asp.net MVC login system? What configuration did you change? Did you remove the [AllowAnonymous] Attribute on Login method?

There is an [Authorize] attribute on AccountController which allows only logged-in users to see all actions. Clearly this is not wanted for Login and Register and any other methods that should be accessed by anonymous users.

Why is my query string so long?

Allow the users to login. Your global [Authorize] filter is checking if you are logged in, it finds it false and again redirects you to login page, thus redirecting infinitely and thus increasing your query string each time it redirects.

Solution is to add [AllowAnonymous] attribute on your methods which you want the user to access directly. In this case, just add [AllowAnonymous] attribute on login method and you will be good to go.

链接地址: http://www.djcxy.com/p/42084.html

上一篇: 抓住太长的表单提交

下一篇: 为什么我的查询字符串很长?