Today I started playing with the MVC 3 Beta. Started with an application from default MVC 3 template, added a new action in the Home controller as follows(with a view for it)
[Authorize]
public ActionResult Secured()
{
ViewModel.Message = "This is secured area, only authenticated users should be here.";
return View();
}
Now when I try to go to navigate to Secured action I get a 404 page not found error.
Here is the authentication section from my web.config.
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
If I understood it right the Authorize attribute should result in a 401 unauthorized HTTP response which should be intercepted by the authentication handler and redirect me to the loginUrl. Which should result in Account/LogOn action.
My MVC 2 application works as expected and takes me to Account/LogOn action, am I missing something? or Is this a bug in MVC 3 beta?
ScottGu replies to a similar question on his blog that this is apparently a bug.
The workaround is to add this entry:
<add key="autoFormsAuthentication" value="false" />
to your <appSettings
/> section in the web application's root web.config file.
It doesn't work with the RTM any more
You need to add
<add key="loginUrl" value="~/Account/LogOn" />
to the appSettings in the Web.Config
The issues is in ConfigUtil in WebMatrix.WebData
private static string GetLoginUrl()
{
return ConfigurationManager.AppSettings[FormsAuthenticationSettings.LoginUrlKey] ?? FormsAuthenticationSettings.DefaultLoginUrl;
}
staticFormsAuthenticationSettings()
{
LoginUrlKey = "loginUrl";
DefaultLoginUrl = "~/Account/Login";
}
After I delete WebMatrix*.dll in bin directory, everything is OK.
MVC 4 exhibits the same problem. However on MVC 4 if authentication mode is correctly set to ="Forms" in the configuration file, like in the following, the problem disappears:
<authentication mode ="Forms">
<forms loginurl = "your login" timeout ="2880" slidingExpiration="true">
</authentication>
It works for me. Take out the mode and it gives you trouble.