1

I have the following inheritance hierarchy in my ASP.NET MVC 3 app:

    public class HomeController : AuthenticatedBaseController
    {
        public ActionResult Index()
        {
            return View();
        }
    }

    public class AuthenticatedBaseController : BaseController
    {
        public AuthenticatedBaseController()
        {
            if (!this.UserToken.IsAuthenticated)
            {
                RedirectToAction("Login", "Login");
            }
        }
    }

    public class BaseController : Controller
    {
        private Token _token;
        public Token UserToken
        {
            get
            {
                _token = (Token)(Session["token"]);
                if (_token == null)
                {
                    SetToken();
                }
                return _token;
            }
        }

        public void SetToken()
        {
            _token = new Token(Session.SessionID, Request.Url.Host, Request.Url.ToString());
            Session["token"] = _token;
        }
    }

I am finding that the constructor of the AuthenticatedBaseController is firing twice when I make a GET request to /Home. Can someone help tell me what I am doing wrong?

7
  • Good starting point is to use Fiddler to rule out that the browser is not actually sending out two GET requests. Commented Feb 21, 2012 at 22:34
  • You should be using Authorize authorization filters. Commented Feb 21, 2012 at 22:38
  • This is a very insecure way to do authentication. It's much easier to hijack a session cookie than it is an authorization cookie. You should be using the AuthorizeAttribute, and use FormsAuthentication class to generate authentication tickets. Or, implement your own IIdentity based service and use that. Commented Feb 21, 2012 at 22:43
  • Another reason this is bad is that sessions are unreliable. They can disappear at any time, such as when the worker process is restarted, or if the server gets low on memory. You really don't want the user potentially having to log in every 2 minutes because the server can't keep that many sessions around. Authentication tickets are cookie based, and thus survive session restarts. Commented Feb 21, 2012 at 22:52
  • Unfortunately this requirement comes from the client. I do not have a say in the matter. Also the above code is a very simplified version of the actual code, but maintains the essential logic. Commented Feb 21, 2012 at 23:15

1 Answer

1

To answer your question, it's firing twice because you are redirecting the user to another action, which causes another request, which causes another controller instance to be created.


3 Comments

The controller to which the redirect points does not inherit the AuthenticatedBaseController.
@klork - upon further analysis, your code can't even work. RedirectToAction is not a command. You have to RETURN a redirect to action from an action method. You can't just call it, it will do nothing.
Yep, that was the issue. Thanks.
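
The two points raised in the comments above (a redirect only takes effect when it is handed back as a result, and the check belongs in an authorization filter) shown together as an added example, not code from the question or the answer. It keeps the session-token check the asker says is required; the `Token` stand-in, the `SessionTokenAuthorizeAttribute` name and deriving the base controller directly from `Controller` are assumptions made so the block stands alone.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical stand-in for the question's Token type; only IsAuthenticated is assumed.
public class Token
{
    public bool IsAuthenticated { get; set; }
}

// Authorization filter: runs before the action and after the controller context
// exists, so Session is available here (it is not in a controller constructor).
public class SessionTokenAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // Fail closed: no session, no token, or an unauthenticated token all deny.
        var session = httpContext.Session;
        var token = session == null ? null : session["token"] as Token;
        return token != null && token.IsAuthenticated;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Assigning Result short-circuits the pipeline, so the action never runs.
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary
            {
                { "controller", "Login" },
                { "action", "Login" }
            });
    }
}

// The attribute is inherited, so every derived controller is protected.
// (In the question this class derives from BaseController.)
[SessionTokenAuthorize]
public abstract class AuthenticatedBaseController : Controller
{
}

public class HomeController : AuthenticatedBaseController
{
    public ActionResult Index()
    {
        return View();
    }
}
```

Because the check lives in `AuthorizeCore`, the base `AuthorizeAttribute` also re-runs it for output-cached responses, which a check in a constructor or action body would not get.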
