I'm trying to secure my entire MVC site, so before the Home controller, I added an [Authorize] attribute.
Now if you run it from Visual Studio or navigate using the root URL (e.g. http://localhost:2897) it does redirect to the login page, as expected. However the URL in the address bar after redirection looks like this: http://localhost:2897/Account/LogOn?ReturnUrl=%2fdefault.aspx%3f
I haven't tested this out, seeing as I have not implemented my authentication code. However, this looks like a big problem to me, since I do not have a default.aspx in my project!
My authentication tag in the web.config looks like this:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" defaultUrl="~/Home/Index" timeout="2880"/>
</authentication>
Why doesn't it pick up this route as the default ReturnUrl instead of default.aspx?