I have a strange error I have never run into before.
I secured a controller with:
[Authorize(Roles = "admin")] public class LoggingController : Controller
When a non-admin user tries to access any protected content, they are redirected to:
http://localhost:50501/Account/Login?ReturnUrl=%2flogging
note: account/login and NOT account/logon
The AccountController.Login action does not exist.
web.config has:
<authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication>
I can of course implement the Login action and redirect to Logon. I am just puzzled and would like to know why this happens.
This issue usually happens when you use different accounts to sign in Office portal in the same browser. This is because the browser caches your account credential in one session. If you don't log out completely, your account credential will be submitted automatically to keep the session.
Description. Page to which users are automatically redirected after completing a successful authentication. The configured redirect destination can be either: A server-relative Uniform Resource Locator (URL), or. An absolute URL, or.
The ReturnUrl typically just exists as a mechanism to point you back to your previous page after you have authenticated. For example if you were navigating to a specific area that required authentication like "Restricted. aspx", it might point you back to your Login.
Search your project for login - it has to be specified somewhere. Is there any other web.config value overriding this (maybe looking at a child root and the parent value is being used) Also is there any redirect that is happening? Are there any defaults set in your machine's web.config? Is your default url on the project set to be a /login?
Install glimpse route debugger to see which route is being used for this page as well.
EDIT: A little more research yields a known issue. Check out this link: ASP.NET MVC issue with configuration of forms authentication section
Theres a bug in mvc 3 beta - are you running the beta bits? Also notice the mentioned item in the above url for RTM bits:
<add key="loginUrl" value="~/LogOn" />
Also check out http://forums.asp.net/p/1616153/4138366.aspx
EDIT 2
Below is a solid comment about a potential source of this from @santiagoIT (upvote his comment please if the specifics help you)
Today I discovered the root of this problem: I had added 'deployable dependency' on 'ASP.NET Web Pages with Razor Syntax'. This adds a reference to: WebMatrix.Data.dll This assembly has a class with a static constructor that does the following: static FormsAuthenticationSettings(){ FormsAuthenticationSettings.LoginUrlKey = "loginUrl"; FormsAuthenticationSettings.DefaultLoginUrl = "~/Account/Login";} That explains!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With