FormsAuthentication.EnableCrossAppRedirects Property
Definition
Gets a value indicating whether authenticated users can be redirected to URLs in other Web applications.
public:
static property bool EnableCrossAppRedirects { bool get(); };
public static bool EnableCrossAppRedirects { get; }
member this.EnableCrossAppRedirects : bool
Public Shared ReadOnly Property EnableCrossAppRedirects As Boolean
Property Value
true if authenticated users can be redirected to URLs in other Web applications; otherwise, false. The default is false.
Examples
The following code example sets the enableCrossAppRedirects attribute to true in the Web.config file for an ASP.NET application.
<authentication mode="Forms">
  <forms loginUrl="member_login.aspx"
         cookieless="UseUri"
         requireSSL="true"
         enableCrossAppRedirects="true" />
</authentication>
Remarks
The EnableCrossAppRedirects property value is set using the enableCrossAppRedirects attribute of the forms configuration element.
The EnableCrossAppRedirects property is checked within the RedirectFromLoginPage method when the redirect URL does not point to a page in the current application. If EnableCrossAppRedirects is true, then the redirect is performed; if EnableCrossAppRedirects is false, the browser is redirected to the page defined in the DefaultUrl property.
Note
When you redirect pages across applications, you must make sure that specific attributes in the forms configuration element are duplicated across the authenticated applications. For more information and an example, see Forms Authentication Across Applications.
Important
When cross-application redirects are allowed, your site is vulnerable to an exploit that directs users to a malicious Web site but uses the login page for your site. Always verify that the redirect URL that is returned by the GetRedirectUrl method is a URL that you expect so that you can make sure that you allow redirects only to approved Web sites. You must also verify that the redirect URL uses the appropriate protocol (HTTP or HTTPS). To perform these verifications, you can add a postback event handler to your login page, or you can add a handler for the LoggedIn event of the Login control.
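One way to perform the verification described above in a LoggedIn handler, shown as an added example that is not part of the original documentation. The page class name MemberLogin, the control ID Login1, the helper GetApprovedRedirect and the host names in ApprovedHosts are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;
using System.Web.UI;

public partial class MemberLogin : Page
{
    // Assumption: the only hosts this site redirects to after login.
    // Include this site's own host name so that local return URLs pass.
    private static readonly HashSet<string> ApprovedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "www.example.com",
            "members.example.com"
        };

    // Hypothetical helper: returns the canonical absolute URL when the
    // target is approved, or null when it must not be followed.
    internal static string GetApprovedRedirect(
        string redirectUrl, Uri requestUrl, bool requireHttps)
    {
        Uri target;
        // Resolve against the current request so that relative and
        // scheme-relative values are checked as absolute URLs.
        if (string.IsNullOrEmpty(redirectUrl) ||
            !Uri.TryCreate(requestUrl, redirectUrl, out target))
            return null;

        bool schemeOk = target.Scheme == Uri.UriSchemeHttps ||
            (!requireHttps && target.Scheme == Uri.UriSchemeHttp);
        // Exact host comparison; no suffix or substring matching.
        bool hostOk = ApprovedHosts.Contains(target.Host);
        return schemeOk && hostOk ? target.AbsoluteUri : null;
    }

    // Assumed markup: <asp:Login ID="Login1" OnLoggedIn="Login1_LoggedIn" ... />
    protected void Login1_LoggedIn(object sender, EventArgs e)
    {
        string requested = FormsAuthentication.GetRedirectUrl(
            Login1.UserName, Login1.RememberMeSet);
        string approved = GetApprovedRedirect(
            requested, Request.Url, FormsAuthentication.RequireSSL);

        // Unapproved targets fall back to DefaultUrl. Ending the response
        // here keeps the Login control from issuing its own redirect.
        Response.Redirect(approved ?? FormsAuthentication.DefaultUrl, true);
    }
}
```

Redirecting to the parsed AbsoluteUri rather than the raw query-string value means the browser follows exactly the URL that was validated.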