I have an ASP.NET MVC 3 application with forms authentication. For some reason that I cannot see, the login redirect url is /Account/Login?ReturnUrl=%2fSecure%2fAction instead of /Account/LogOn?ReturnUrl=%2fSecure%2fAction. The difference is subtle, its using /Account/Login instead of /Account/LogOn.
My web.config forms section is correct. Would else could possibly affect the login url??
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="720" />
</authentication>
This is a known issue. I had the same problem with my custom authorize attribute. I found the solution somewhere on the net, can't remember where. Just add this to appSettings in your web.config
<add key="loginUrl" value="~/Account/LogOn" />
Note: This works with MVC 3, I didn't try it with previous versions.
EDIT: Found it mentioned in release notes, but it seems that they've changed the setting name and forgot to update release notes for RTM version.
I ran into a similar problem sometime ago. After a few months I discovered the root of the problem: I had added a 'deployable dependency' on 'ASP.NET Web Pages with Razor Syntax'. This adds a reference to: WebMatrix.Data.dll
This assembly has a class with a static constructor that does the following:
static FormsAuthenticationSettings()
{
FormsAuthenticationSettings.LoginUrlKey = "loginUrl";
FormsAuthenticationSettings.DefaultLoginUrl = "~/Account/Login";
}
Check if you are referencing this dll.
frennky's answer helped me get to this. I needed all of these in my web.config:
<appSettings>
<add key="loginUrl" value="~/Authentication/LogOn" />
</appSettings>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Authentication/LogOn" timeout="2880"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
To fix this problem, which still exist in MVC 3 you have to remove the WebMatrix.*.dll from _bin_deployableAssemblies and bin folders respectively.
Instead of this:
<appSettings>
<add key="loginUrl" value="~/Authentication/LogOn" />
</appSettings>
You could use this:
<appSettings>
<add key="PreserveLoginUrl" value="true" />
</appSettings>
It worked for me.
Is it originating from the redirect contained within your LogOn action result?
Search your project for the string LogIn and you may find where it is specified?
I just ran into this issue (like 6 years later and this page doesn't rank high in searches anymore...) my fix was similar to santiagoIT.
Because I added authentication to a project that didn't previously have it I pretty much "cheated" by copying required authentication code from a default project template which included:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
The forms authentication url was using web.config for all my aspx pages but bombed when I added the Authorize attribute.
Changing the LoginPath fixed my issue.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 别忘想泡老子 的文章《MVC Forms LoginUrl is incorrect》','https://www.manongdao.com/article-77308.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}