1

I have a simple action that takes a single paramter as a string, it returns a users profile page which is working fine.

However a user has told me today that nobody can see he's profile unless logged in, it simply redirects to the login page.

I have checked the IIS7 log file, and I can see that it is returning a 302 status and then loads the login page.

Here is the page that doesn't work:

http://www.house-mixes.com/profile/mixchemist/

Here is an example that works fine:

http://www.house-mixes.com/profile/housemixes/

There are no authorize attributes on the action / controller, I do have Helicon Ape installed managing some custom redirects for me, but I have disabled this and still get the same result.

I'm pretty puzzled here at what could cause this only on a certain profile, any ideas?

EDIT:

There is definetly no Authorize attributes at any level, default or custom. My web.config is pretty standard, and I am using MVC2:

<authentication mode="Forms">
      <forms cookieless="UseCookies" enableCrossAppRedirects="true" loginUrl="~/Login" name=".ASPXAUTH" slidingExpiration="true" timeout="100000" requireSSL="false" />
    </authentication>

Here is my controllers action (only attribute at controller level is [HandleError]):

[Transaction]
[PassParametersDuringRedirect]
[ModelStateToTempData]
[HttpGet]
public ActionResult Index(string artist)
{
    Account account = accountTasks.GetProfileByUsername(artist);

    if (account == null)
        return RedirectToAction<HomeController>(x => x.Index(), null);

    var viewModel = Mapper.Map<Account, ProfilePageViewModel>(account);

    return View(viewModel);
}

Paul

Improve this question
2
  • Have tried simulating the issue in your development environment? Commented Jun 20, 2011 at 13:25
  • Have got any custom logic where it checks to see if a user is authorised to view a specific profile and if not redirect to login page? Commented Jun 20, 2011 at 13:27

3 Answers 3

Reset to default
3

That definitely looks like an action that requires authentication. No idea where the problem comes from as you haven't shown any code nor explained how your site works and is organized but you may start looking for [Authorize] attributes (custom or default ones, as well as global action filters if this is an ASP.NET MVC 3 application) as well as <authorization> sections in your web.configs.

That's absolutely related to some custom code that runs and simply requires authentication in order to access this resource.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

PM> Install-Package Glimpse

Use the tools provided by Glimpse Web Debugger to get a very clear idea of what MVC sees.

Improve this answer

3 Comments

ok I have this installed now, however i'm not sure what I need to be looking at...it will only show me information regarding the login page after the redirect rather than the profile page.
@Paul Hinett with your statements there it seems like you're being redirected before you can see any of the results from glimpse, I would look at seeing if there's an option to put your web browser into request approval for redirects so you can get the output of glimpse for it's route information and MVC action information before the redirection. | If that seems fruitless you could explore on glimpse to see if you can make it log to disk or something else similar to let you see the information you need.
Another note, the REMOTE tab on glimpse should let you see history of recent requests so that redirection shouldn't be an issue.
1

Found the issue, you was right in saying that there was an Authorize attribute placed on an action inside a controller, the controller was being called due to a Html.RenderAction() inside the View.

The reason it wasn't working for a specific user is because I allow users to add different widgets to their profile to arrange how they choose, it was a certain widget that had the Authorize attribute on.

Thought I would post back the answer in case it throws anyone else off in the future.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.