1

In a classical example of asp.net/mvc authentication LogOn action gets LogOnViewModel and returnUrl string to do an authentication and redirect to previous Url.

[HttpPost]
public ActionResult LogOn(LogOnViewModel model, string returnUrl)
{
if (ModelState.IsValid)
    if (!FormsAuthentication.Authenticate(model.UserName, model.Password))                                              
        ModelState.AddModelError("", "Incorrect user name or password."); 

    if (ModelState.IsValid)
    {
        FormsAuthentication.SetAuthCookie(model.UserName, false);
        return Redirect(returnUrl ?? "Bookings");
    }
    else
        return View();
}

But when request is handled by action returnUrl parameter is null, however there should be a value as author says. Could anybody please explain this?

Form from which I send request look like this: Views/Admin/LogOn.aspx

<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
  <div id="login">
    <% Html.EnableClientValidation(); %>
    <% using (Html.BeginForm("LogOn", "Admin")) { %>
      <%= Html.ValidationSummary(true) %>
      <div><label>Username:</label><input name="userName" type="text" /></div>
      <div><label>Password:</label><input name="password" type="password" /></div>
      <div><input type="submit" value="Login" /></div>
    <% } %>
  </div>
</asp:Content>

There is no hidden field generated on the form.

Authentication:

<authentication mode="Forms">
  <forms loginUrl="~/Admin/LogOn" timeout="2880">
    <credentials passwordFormat="SHA1">
      <user name="admin" password="hashedPassword"/>
    </credentials>
  </forms>
</authentication>
Improve this question
1
  • 2
    What does your submitting form look like? If you submit with a POST request, do you have a hidden element for the returnUrl parameter? Commented Nov 10, 2010 at 19:43

2 Answers 2

Reset to default
6

When you go to a page that isn't authenticated, the ReturnURL parameter is automatically added to your query string when you are redirected to the login page by the MVC framework.

Your current <form> tag in the view doesn't take this into account. It always goes to the same action disregarding any existing QueryString values.

If you use:

<% using (Html.BeginForm()) { %>
   // enter form html without the <form> tag
<% } %>

This will automatically create a <form> tag with 'action' value that takes into account any query strings that already exist on your page.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

Action which user wants to invoke (www.mysite.com/Admin/Index) has [Authorize] attribute, that's why he is redirected to Logon page. Url on logon looks like www.mysite.com/Admin/LogOn?ReturnUrl=%2fAdmin%2findex /// using (Html.BeginForm()) didn't solve problem, still null in returnUrl
hmm, check that your variable is of the appropriate case: ReturnUrl
Tried, didn't help. Request.QueryString is empty. It smells fishy, it should work. Routes for these requests routes.MapRoute( "AdminMainPage", "admin/{action}", new { controller = "Admin", action = "Index" } ); routes.MapRoute( "AdminLogOn", "admin/logon/", new { controller = "Admin", action = "LogOn" } ); Anyway thanks a lot for
Yeah, that was a bit of a long shot - can you update your question with the authentication settings in web.config and the new code in your view.
no prob - it was bugging me why it isn't working. I guess the Html.BeginForm(string, string) method doesn't carry any QueryString forward, which I guess makes sense, since there's a Html.BeginForm(string, string, object) overload to specify the QueryString parameters.
|
1

Maybe try including a hidden input element in your form: 

<%:Html.Hidden("returnUrl", yourUrlHere) %>
Improve this answer

2 Comments

I don't know from which page user was redirected to LogOn page. Is there any way to knew that?
See Comment by Remus it is automatically added. No need to add the hidden input element.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.