Hi,
I have setup IIS's authentication by enabling Windows Authentication and disabling Anonymous Authentication. When browsing the site I get presented with the following error message:
The request filtering module is configured to deny a request where the query string is too long
Here is the generated URL upon login:
http://localhost:80/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FAccount%252525252525252525252525252525252525252FLogin%252525252525252525252525252525252525253FReturnUrl%252525252525252525252525252525252525253D%25252525252525252525252525252525252525252F
How do I fix this?
4 Answer(s)
-
0
Hi,
Does your initial url which you write to browser contains returnUrl parameter ?
-
0
I suppose that your Login action somehow recursively calls itself. If you deny to all anonymous requests, how to go to login page?
-
0
Just to give some context...
This is a intranet site and should only allow domain users access. In the web.config the database connection has been set as a trusted connection, which from what I understand indicates that it will be using Integrated Security (AKA Windows Authentication). In the core module, I have also set Multi Tenancy to false and enabled LDAP authentication. The web application is running on one server with the database running on a remote server Both of the servers are on the domain
Maybe I am misunderstanding something, but surely it must take me to the Login page for me to enter AD account details which would then be passed to the remote SQL server?
I think I may have found where It is generating the recursive ReturnURL, but don't know how to fix this. Please see below:
public virtual async Task<JsonResult> Login(LoginViewModel loginModel, string returnUrl = "", string returnUrlHash = "") { CheckModelState(); _unitOfWorkManager.Current.DisableFilter(AbpDataFilters.MayHaveTenant); var loginResult = await GetLoginResultAsync(loginModel.UsernameOrEmailAddress, loginModel.Password, loginModel.TenancyName); if (loginResult.User.ShouldChangePasswordOnNextLogin) { loginResult.User.SetNewPasswordResetCode(); return Json(new MvcAjaxResponse { TargetUrl = Url.Action( "ResetPassword", new ResetPasswordViewModel { UserId = SimpleStringCipher.Encrypt(loginResult.User.Id.ToString()), ResetCode = loginResult.User.PasswordResetCode }) }); } await SignInAsync(loginResult.User, loginResult.Identity, loginModel.RememberMe); if (string.IsNullOrWhiteSpace(returnUrl)) { returnUrl = Url.Action("Index", "Application"); } ]if (!string.IsNullOrWhiteSpace(returnUrlHash)) { returnUrl = returnUrl + returnUrlHash; } return Json(new MvcAjaxResponse { TargetUrl = returnUrl }); }As a side note, I have specified a RedirectToAction("Index", "Application") within the Index method of the Home controller to take me directly to the web app instead of the landing page. Could this have something to do with the problem I am be presented with?
-
0
Hi,
On the IIS Manager, under feature delegation, Authentication should have read/write delegation. After that, you will be able to see login page.
But i didn't test the rest with ldap login, please test and share your result :).
