ASP.NET MVC issue with configuration of forms authentication section

Question

I have an ASP.NET MVC 3 Beta application running on IIS. In my web.config I defined following section responsible for forms authentication:

<authentication mode="Forms">     <forms          loginUrl="~/Account/LogOn"          name=".VNK"          protection="All"          timeout="43200"          cookieless="UseCookies" /> </authentication> 

The defined login address is ~/Account/LogOn.

When I try to get the login url using:

FormsAuthentication.Initialize(); string loginUrl = FormsAuthentication.LoginUrl;  

I receive: /VNK/site/Account/Login

Why do I get a different address from the one defined in web.config?

UPDATE: The "/VNK/site/" prefix is not a problem here. The problem is that LoginUrl property of FormsAuthentication class does not reflect the value from web.config. It means that if I change the value of loginUrl attribute in web.config from "~/Account/LogOn" to e.g. "~/foobar", FormsAuthentication.LoginUrl still has value of "/VNK/site/Account/Login". Why ?

Answer 1

I think there is a bug in ASP.NET MVC 3 Beta. This problem does not appear in previous releases of ASP.NET MVC.

If anyone wants to replay this error, he should follow this:

1.Download the mvc framevork.

2.Create new ASP.NET MVC 3 Web Application

3.Applay Authorize attribute on About action in HomeController

[Authorize] public ActionResult About() {    return View(); }   

4.Start application and invoke About action by clicking on About tab. You will get server error, because application is trying to redirect You to such URL:

http://localhost:[port_num]/Account/Login?ReturnUrl=%2fHome%2fAbout

There is obviously no Login view. There is LogOn view. Url to LogOn action is defined in untouched web.config:

<authentication mode="Forms">   <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> 

But application does not reflect that. Have anyone any clue what's going on ?

UPDATE:

I was right, there is a bug in MVC 3 Beta. From known issues:

"There’s a known issue that causes Forms Authentication to always redirect unauthenticated users to /Account/Login, ignoring the forms authentication setting used in Web.config. The workaround is to add the following app setting."

<add key="autoFormsAuthentication" value="false" /> 

UPDATE 2:

Alexander Prokofyev noticed, that ASP.NET 3 RTM looks for another setting. So you need this line instead:

<add key="loginUrl" value="~/LogOn" />

Answer 2

If you have access to IIS, then append a new application and enable ASP.NET "integrated pipelining" in application pool section by double clicking it.

If your hosting provider does not grant you access to IIS, then login to the control panel.

• Go to websites, under the management tab- enable ASP.NET integrated pipe lining.
• Set your application as a virtual directory (It worked for me)