0

Similar to this post: MVC 3 - FormsAuthentication - Can't give access to my Login action

I'm unable to get my form to submit the username/password to the post handler of the Logon action. However, my AccountController inherits from the default controller, i.e. no [Authorize]-attribute. My account controller looks like this:

    [HttpGet]
    public ActionResult LogOn()
    {
        return View();
    }

    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl = null)
    {
        ...
    }

And my web.config contains, amongst others:

    <location path="Account">
        <system.web>
            <authorization>
                <allow users="?"/>
            </authorization>
        </system.web>
    </location>

    <authorization>
        <deny users="?" />
    </authorization>

    <authentication mode="Forms">
        <forms loginUrl="~/Account/LogOn" timeout="2880" defaultUrl="~/Home/Index" />
    </authentication>

Upon submitting the login-form, it immediately redirects me to the [HttpGet] version of the LogOn-action. I never get directed to the POST version. I get the same response as mentioned in the post above:

    <html><head><title>Object moved</title></head><body>
    <h2>Object moved to <a href="/Account/LogOn?ReturnUrl=%2f">here</a>.</h2>
    </body></html>

If I comment out <authorization> everything works fine. However, in that case, when I enter a deep link to a page which required authorization, I don't get redirected to the logon page.

I've also tried adding the location "Account" and allowing all users, but this does not seem to have any effect.

Can anyone point out what I'm doing wrong?

EDIT

In Fiddler I always see this pattern:

    #  Result  Protocol  Host             URL                           Body   Caching  Content-Type              Process        Comments  Custom
    1  302     HTTP      localhost:36372  /                             145    private  text/html; charset=utf-8  iexplore:6400
    2  200     HTTP      localhost:36372  /Account/LogOn?ReturnUrl=%2f  4,752  private  text/html; charset=utf-8  iexplore:6400

Why is the first URL always /?

EDIT2

It occurred to me to check the generated HTML, and to my surprise it looks like this:

    <form action="/" id="LogOnForm" method="post">

Obviously, this is not the correct action. The ASP code looks like this:

    @using (Html.BeginForm("LogOn", "Account", FormMethod.Post, new { id = "LogOnForm" }))

And my routes look like this:

    routes.MapRoute(
        "Default", // Route name
        "{controller}/{action}/{id}", // URL with parameters
        new { controller = "Account", action = "LogOn", id = UrlParameter.Optional } // Parameter defaults
    );
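
An added example, not part of the original post and not ASP.NET code: a simplified Python model of the route defaults and web.config rules quoted in the question, tracing how the form ends up with `action="/"` and why a request to that URL produces the 302 seen in the Fiddler trace. The function names and the matching logic are assumptions made for illustration.

```python
from urllib.parse import quote

# Values copied from the question's route and web.config.
ROUTE_DEFAULTS = ("Account", "LogOn")          # controller, action
LOGIN_URL = "/Account/LogOn"
# (location path, [(verb, users)]); "" stands for the site-wide <authorization> block.
RULES = [
    ("Account", [("allow", "?")]),
    ("", [("deny", "?")]),
]

def generate_url(controller, action):
    """Simplified model of URL generation for {controller}/{action}/{id}:
    trailing segments that equal the route defaults are left out."""
    segments = [controller, action]
    while segments and segments[-1] == ROUTE_DEFAULTS[len(segments) - 1]:
        segments.pop()
    return "/" + "/".join(segments)

def is_allowed(path, authenticated):
    """Simplified model of URL authorization: the most specific matching
    <location> is checked first, the first matching rule wins, and a request
    that matches no rule is allowed (assumed machine-level default)."""
    request = path.strip("/").lower()
    for location, rules in sorted(RULES, key=lambda r: -len(r[0])):
        loc = location.lower()
        if loc and request != loc and not request.startswith(loc + "/"):
            continue                            # this <location> does not cover the path
        for verb, users in rules:
            if users == "*" or (users == "?" and not authenticated):
                return verb == "allow"
    return True

def handle(url, authenticated=False):
    """Return (status, redirect target) for a request to url."""
    path = url.split("?", 1)[0]                 # rules apply to the path only
    if is_allowed(path, authenticated):
        return 200, None
    # Forms authentication answers a denied request with a redirect to loginUrl.
    return_url = quote(path, safe="").replace("%2F", "%2f")
    return 302, LOGIN_URL + "?ReturnUrl=" + return_url

if __name__ == "__main__":
    action = generate_url("Account", "LogOn")   # the URL Html.BeginForm asks for
    print("form action:", action)
    print("request to", action, "->", handle(action))
    print("request to /Account/LogOn ->", handle("/Account/LogOn?ReturnUrl=%2f"))
```

In this model the `<location path="Account">` exemption never applies to the form post, because the generated URL is `/` and only the site-wide `<deny users="?">` rule covers that path.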

2 Answers

1

You can set authorization by using a simple authorization attribute in MVC:

    [Authorize]
    public ViewResult SubmitPost()
    {
        return View();
    }    

And you have to set a cookie for authorization, which by default will create encrypted cookies and will expire only when the browser closes:

    FormsAuthentication.SetAuthCookie("Name", false);

0

You need to add location tag for /account/logon and allow anonymous access to that.

3 Comments

As mentioned in my post, I already tried that, but it had no effect.
Can you paste your location tag for account/logon along with the formsAuthentication stuff from web.config? The web.config above has only a location for "Account"; can you try once changing it to account/logon?
I tried after reading your post, but no effect. Probably this is not the problem either. See my edits.
