0

I just joined a project that has been underway for a few months and have been asked to look at a bug where users are redirected to the forms authentication loginUrl after authentication times out. You're probably saying to yourself, that's not a bug, man! Well, the users are being directed to the "out of the box" login action on the Account controller ("~/Account/Login") instead of what we have in our web.config. So my question is, where else other than the web.config can this setting be stored? It has to be somewhere because I've changed the loginUrl value a number of times in web.config and we ALWAYS get redirected to /Account/Login when we time out.

We're using studio's built in web server locally.

Improve this question

2 Answers 2

Reset to default
1

One thought: there could a FilterAttribute subclass used on your controllers that's looking for an expired session and explicitly redirecting to ~/Account/Login, or to some LogOut action that eventually gets you there.

There could even be some JavaScript that's redirecting after a period of time.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks Adam, I'll check for either of those. Would either come as part of the vanilla, out of the box MVC project? To my knowledge that is how the project was created and the team is working on their first MVC project.
No, neither would. It seems you may have found a bug. See: asp.net/whitepapers/mvc3-release-notes. Scroll to the bottom.
Yep, found another question here on Stack that solves the problem (differently than on the asp.net site, but explains a little more about why) - link Someone on the team had referenced the WebMatrix.Data.dll which has a class in it with a static constructor that sets the loginUrl property to '~/Account/Login'.
1

I added this answer to consolidate what I found with what Adam suggested in the comments of the accepted answer. I found another route through the comments on another question here on Stack. Somehow I missed it in my initial search. In my case the WebMatrix.Data.dll was referenced in our project. This dll contains a class with a static constructor that sets the loginUrl property of the class to '~/Account/Login'. The solution was to override that setting with a new entry in app settings like so: <add key="loginUrl" value="/login" /> or to follow the instructions on the asp.net site and include this in appSettings in the web.config: <add key="autoFormsAuthentication value="false" />.

Hope this helps someone!

Improve this answer

1 Comment

The key answer is the App Setting loginUrl

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.