9

I have an MVC4 application with Membership logon (through FormsAuthentication).

This is defined in web.config as follows. My default url is home root (~/):

<roleManager enabled="true" />
<authentication mode="Forms">
  <forms defaultUrl="~" loginUrl="~/Account" />
</authentication>

In my AccountController, in the Login POST method, the following code is relevant. This code is executed when the user clicks on the login with valid credentials.

if (Membership.ValidateUser(creds.Username, creds.Password))
{
    FormsAuthentication.RedirectFromLoginPage(creds.Username, false);
    return null;
}

Now, if I'm navigating (anonymously) to: ~/Admin, I get redirected to ~/Account to log in, which is perfect. I can see that the url is formed as follows:

http://localhost:23759/Account?ReturnUrl=%2fAdmin

But when I successfully log in, I get redirected to home (~/) instead of ~/Admin.

Please help! Many thanks!

Edit: Found the actual issue: it was the post method that wasn't receiving the querystring

1
  • From the MSDN (msdn.microsoft.com/en-us/library/ka5ffkce.aspx): "If the ReturnURL variable does not exist, the RedirectFromLoginPage method redirects to the URL in the DefaultUrl property." Looks like .NET doesn't know Admin exists. Maybe the slash (%2f) is causing the issue? Commented Sep 13, 2013 at 16:25

3 Answers

15

I found the solution! Thanks to FlopScientist, who got me thinking further.

It was indeed because I was doing a POST method, which did not take the QueryString from the GET into account.

First I had this in my View:

@using (Html.BeginForm("Index", "Account"))
{
    <div class="LoginBox">
    //Etc...
    </div>
}

I have updated it to the following:

@using (Html.BeginForm("Index", "Account", new { ReturnUrl = Request.QueryString["ReturnUrl"] }, FormMethod.Post))
{
    //Etc...
}

Now I can actually see a querystring in my debug and I do get a correct redirect!


1 Comment

Glad to know I helped you
4

There doesn't seem to be any issue with your Return URL: [ %2f is / ] localhost:23759/Account?ReturnUrl=%2fAdmin

So, what remains is to do some checks as to what is causing such behaviour.

1.) Are you sure that the return page as specified in the return url:

localhost...?ReturnUrl=%2fAdmin

actually exists and your user has access to it? Here Admin is a folder, so you must have a page default.aspx inside this folder. If it does not exist, RedirectFromLoginPage by default will send you to DefaultURL.

2.) Also, try using the FormsAuthentication.GetRedirectUrl() method to see what happens.

if (Membership.ValidateUser(creds.Username, creds.Password))
{
    Response.Redirect(FormsAuthentication.GetRedirectUrl(creds.Username, false));
}

3.) Or does this work? [ Recommended for debug purposes ]

if (!string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
{
    Response.Redirect("~/Admin");
}

Lastly, make sure there are NO such code lines redirecting the user to other pages/DefaultURL.

1 Comment

I have updated my question with my findings to get better formatting.
2

It's probably because that path is not detected as the same app path:

By default, the ReturnUrl variable must refer to a page within the current application. If ReturnUrl refers to a page in a different application or on a different server, the RedirectFromLoginPage method redirects to the URL in the DefaultUrl property. If you want to allow redirects to a page outside the current application, you must set the EnableCrossAppRedirects property to true using the enableCrossAppRedirects attribute of the forms configuration element.

from: http://msdn.microsoft.com/en-US/library/1f5z1yty.aspx

1 Comment

Thanks for your suggestion. As stated in my question (updated), there seems to be something wrong with the querystring...
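
An added example, not code from the question or from any of the answers: a login POST action that receives the ReturnUrl carried in the form action (as in the accepted answer) and redirects only when the value is local to the application, the same restriction the MSDN passage above describes for RedirectFromLoginPage. The `LoginCredentials` model and the GET/POST action pair are assumptions; `Url.IsLocalUrl` is the ASP.NET MVC helper.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical model: the question only shows creds.Username and creds.Password.
public class LoginCredentials
{
    public string Username { get; set; }
    public string Password { get; set; }
}

public class AccountController : Controller
{
    // GET /Account?ReturnUrl=%2fAdmin : render the login form.
    [HttpGet]
    public ActionResult Index(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    // POST /Account?ReturnUrl=%2fAdmin : the form action built by
    // Html.BeginForm(..., new { ReturnUrl = ... }, FormMethod.Post) carries the
    // value, and MVC binds it (case-insensitively) to the returnUrl parameter.
    [HttpPost]
    public ActionResult Index(LoginCredentials creds, string returnUrl)
    {
        if (creds == null || !Membership.ValidateUser(creds.Username, creds.Password))
        {
            ModelState.AddModelError("", "Invalid user name or password.");
            ViewBag.ReturnUrl = returnUrl;
            return View(creds);
        }

        FormsAuthentication.SetAuthCookie(creds.Username, false);

        // ReturnUrl is caller-controlled input. Url.IsLocalUrl accepts "/Admin"
        // and "~/Admin"; it rejects null/empty values, absolute URLs and
        // protocol-relative forms such as "//host".
        if (Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }

        // Fall back to the application root, the defaultUrl in the question's web.config.
        return Redirect("~/");
    }
}
```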
