Logging in with a ReturnUrl pointing to a POST action: FAIL!

Question

I have an Asp.Net MVC project with the typical forms authentication that redirects the user to a page upon successful login. If there is a ReturnUrl in the querystring it will redirect the user to the ReturnUrl.

Problem comes when a logged in user sits on a page long enough for their login to time out and then submits the form causing a post to the server. Since the user is now no longer authenticated it'll force the user to log in again. However the ReturnUrl would point to an action that only accepts the POST method and would throw an exception after being redirected.

Is there a work around for this?

Answer 1

You have to create an identical GET action and redirect it back to the form they were filling out. The problem is that the redirect to the ReturnUrl is doing a GET, not a POST, hence the error.

Example:

[AcceptVerbs(HttpVerbs.Get)]
public ActionResult SomeFormAction()
{ 
    //redirect them back to the original form GET here 
    RedirectToAction(stuffhere);
}

[AcceptVerbs(HttpVerbs.Post)]
public ActionResult SomeFormAction(FormCollection collection)
{ 
    //this is your original POST 
}