I have an ASP.NET MVC 3 Beta application running on IIS. In my web.config
I defined following section responsible for forms authentication:
<authentication mode="Forms">
<forms
loginUrl="~/Account/LogOn"
name=".VNK"
protection="All"
timeout="43200"
cookieless="UseCookies" />
</authentication>
The defined login address is ~/Account/LogOn
.
When I try to get the login url using:
FormsAuthentication.Initialize();
string loginUrl = FormsAuthentication.LoginUrl;
I receive: /VNK/site/Account/Login
Why do I get a different address from the one defined in web.config
?
UPDATE: The "/VNK/site/" prefix is not a problem here. The problem is that LoginUrl
property of FormsAuthentication
class does not reflect the value from web.config. It means that if I change the value of loginUrl
attribute in web.config from "~/Account/LogOn" to e.g. "~/foobar", FormsAuthentication.LoginUrl
still has value of "/VNK/site/Account/Login". Why ?
I think there is a bug in ASP.NET MVC 3 Beta. This problem does not appear in previous releases of ASP.NET MVC.
If anyone wants to replay this error, he should follow this:
1.Download the mvc framevork.
2.Create new ASP.NET MVC 3 Web Application
3.Applay Authorize
attribute on About
action in HomeController
[Authorize]
public ActionResult About()
{
return View();
}
4.Start application and invoke About action by clicking on About tab. You will get server error, because application is trying to redirect You to such URL:
http://localhost:[port_num]/Account/Login?ReturnUrl=%2fHome%2fAbout
There is obviously no Login view. There is LogOn view. Url to LogOn action is defined in untouched web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
But application does not reflect that. Have anyone any clue what's going on ?
UPDATE:
I was right, there is a bug in MVC 3 Beta. From known issues:
"There’s a known issue that causes Forms Authentication to always redirect unauthenticated users to /Account/Login, ignoring the forms authentication setting used in Web.config. The workaround is to add the following app setting."
<add key="autoFormsAuthentication" value="false" />
UPDATE 2:
Alexander Prokofyev noticed, that ASP.NET 3 RTM looks for another setting. So you need this line instead:
<add key="loginUrl" value="~/LogOn" />
If you have access to IIS, then append a new application and enable ASP.NET "integrated pipelining" in application pool section by double clicking it.
If your hosting provider does not grant you access to IIS,
then login to the control panel.
- Go to websites, under the management tab- enable ASP.NET integrated
pipe lining.
- Set your application as a virtual directory
(It worked for me)
So the simple solution was to remove WebMatrix.*.dll from Bin folder in web project. I have done this for my asp.net project since it was redirecting my login to mvc style url.
Updated answer for MVC 4, heavily borrowed from this page and Request redirect to /Account/Login?ReturnUrl=%2f since MVC 3 install on server
<appSettings>
...
<add key="PreserveLoginUrl" value="true" />
</appSettings>
...
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="43200" /> <!--43,200 in minutes - 30 days-->
</authentication>
Put the following in appSettings:
<add key="loginUrl" value="~/Account/LogOn" />
You could empty loginUrl from Form Authentication configuration.
I removed the following from my web.config
<remove name="FormsAuthentication" />
and then everything seemed to work. This text had been added by default when I created my project.
The tilde (~) means "the root of my web site" so you don't have to keep using ..
or \
to step up and down the web site structure. However, from an IIS perspective you web application may have an additional layer of directory structure which is being reflected when you request the LoginUrl
programmatically. I'm unsure as to why you want to retrieve the LoginUrl, the normal state of affairs would have IIS redirect the user to the LoginUrl automatically any time they try to access a page that they are not authenticated for.
I think the server has trouble deciding what ~ means in this case, try giving a more direct url to the login page, such as /Account/LogOn.
Maybe you'll find something useful here http://msdn.microsoft.com/en-us/library/xdt4thhy.aspx