ansaurus

Question

ASP.NET MVC: What is the correct way to redirect to pages/actions in MVC?

Answer 1

+2 A:

RedirectToAction("actionName", "controllerName");

It has other overloads as well, please check up!

Also, If you are new and you are not using T4MVC, then I would recommend you to use it!

It gives you intellisence for actions,Controllers,views etc (no more magic strings)

Mahesh Velaga 2010-04-20 17:05:28

This is good for number 1, but you dont have that available in number 2.

NickLarsen 2010-04-20 17:08:48

Indeed, in case number 2, the RedirectToAction appears to be ignored?

Mark Redman 2010-04-20 18:14:08

Answer 2

+1 A:

1) To redirect to the login page / from the login page, don't use the Redirect() methods. Use FormsAuthentication.RedirectToLoginPage() and FormsAuthentication.RedirectFromLoginPage() !

2) You should just use RedirectToAction("action", "controller") in regular scenarios.. You want to redirect in side the Initialize method? Why? I don't see why would you ever want to do this, and in most cases you should review your approach imo.. If you want to do this for authentication this is DEFINITELY the wrong way (with very little chances foe an exception) Use the [Authorize] attribute on your controller or method instead :)

UPD: if you have some security checks in the Initialise method, and the user doesn't have access to this method, you can do a couple of things: a)

Response.StatusCode = 403;
Response.End();

This will send the user back to the login page. If you want to send him to a custom location, you can do something like this (cautios: pseudocode)

Response.Redirect(Url.Action("action", "controller"));

No need to specify the full url. This should be enough. If you completely insist on the full url:

Response.Redirect(new Uri(Request.Url, Url.Action("action", "controller")).ToString());

Artiom Chilaru 2010-04-20 18:29:16

There is an authentication check but its more to do with checking a user agains a tenant in a multi-tenancy application and other security checks are done. If there is a breach, the user should be logged out and redirected somewhere (this could be a generic login, specific login, home page or other page)

Mark Redman 2010-04-20 19:07:03

Well.. My answer seems to cover this, no? Unless I missed something, in which case I'll be happy to help )

Artiom Chilaru 2010-04-20 19:08:37

The redirects dont seem to work from initialize at all, so having a rethink...add more info to question...

Mark Redman 2010-04-20 20:14:45

Try Response.Redirect(url, true) or run a Response.End() after the redirect.. that should force a redirect "NOW" :)

Artiom Chilaru 2010-04-20 20:27:00

@Artiom: thanks will try that too...

Mark Redman 2010-04-20 20:44:49

setting the endResponse parameter to true in Response.Redirect(url, true) doesnt seem to work either. The page is copmletes its round trip, but the ViewData/Model Data is lost. Will try moving code to OnActionExecuting event.

Mark Redman 2010-04-21 08:34:30

Answer 3

+2 A:

1) WHen the user logs out (Forms signout in Action) I want to redirect to a login page.

public ActionResult Logout() {
    //log out the user
    return RedirectToAction("Login");
}

2) In a Controller or base Controller event eg Initialze, I want to redirect to another page (AbsoluteRootUrl + Controller + Action)

Why would you want to redirect from a controller init?

the routing engine automatically handles requests that come in, if you mean you want to redirect from the index action on a controller simply do:

public ActionResult Index() {
    return RedirectToAction("whateverAction", "whateverController");
}

Jimmy 2010-04-20 18:36:59

Might want to note that the first item is in the Account controller.

GalacticCowboy 2010-04-20 18:47:33

I still think that using FormsAuthentication.RedirectToLoginPage() should be used instead of return RedirectToAction("Login");

Artiom Chilaru 2010-04-20 19:01:13

The Controller initialize event is detecting subdomains for a multi-tenancy, detecting subdomain changes and checking user authentication based on this is also done.

Mark Redman 2010-04-20 19:04:05

You might want to look into MVC Areas, a new feature to MVC 2, it allows you to split up your application into different segments which might help solve your use-case

Jimmy 2010-04-20 19:48:33

@Artiom, the FormsAuthentication.RedirectToLoginPage() does not clear the users authentication session, why use that when that is obviously not the desired outcome?

Jimmy 2010-04-20 19:56:23

My Logout code does a Session.Abandon() before redirecting, so this is covered.. But my comment was directed towards having a standard location for the link to the login page (web.config) instead of redirecting manually like this. I don't mean it's a bad thing to do, just seems like a more "correct" thing to do, no? )

Artiom Chilaru 2010-04-20 20:04:24

In other standard asp.net apps RedirectToLoginPage works fine and I too call Session.Abandon() The current situation requires calling both a standard Login page, used by tenant users or an extranet/workspace login page, used by clients of tenants.

Mark Redman 2010-04-21 08:38:37

@Jimmy: MVC Areas look VERY interesting!! I am not sure they will help in the current situation as we will use the same code for all tenants, but in terms of organisation I will certainly need to investigate...

Mark Redman 2010-04-21 08:50:28

MVC Areas walkthrough here: http://msdn.microsoft.com/en-us/library/ee671793(v=VS.100).aspx

Mark Redman 2010-04-21 08:56:26

@Jimmy: The real (and very basic issue) was calling the Redirects without using "return"...doe! Alos MVC Ares have also turned out to be great..

Mark Redman 2010-06-05 11:30:29

ansaurus

tags:

views:

answers:

ASP.NET MVC: What is the correct way to redirect to pages/actions in MVC?

related questions