tags:

views:

29

answers:

1
+1  Q: 

Forms authentication on MVC always redirects to logon

I have forms authentication on my MVC site and the default route is set to send users to /home/index. Home/index is excluded from the login requirement, via a Web.config location section. if I type in http://Example/home/index, I go to the home page as expected, but if I just do http://Example, I get redirected to the logon page.

If I turn off authentication and do http://Example, the default route works fine, and I'm sent to the home page.

Why is authentication not respecting the default route? Thanks!

+3  A: 

You shouldn't be using the <location> element in web.config to handle authorization in an ASP.NET MVC application as it might clash with your routes. This is used in standard WebForms applications but it is considered bad practice in MVC.

The recommended way to handle this is to decorate your controllers/actions with the [AuthorizeAttribute]. So get rid of all location elements in web.config and decorate.

Darin Dimitrov  2010-10-12 16:43:44
Yes, this seems a workable solution, but unless I'm missing something, it seems tedious. Is there a way to lock down everything and provide exclusions rather than having to decorate EVERY controller action? Maybe in a base controller?
Bob_Kruger  2010-10-12 17:01:38
Organize your controllers into functions. `PublicController`, `AdminController`, you get the point and then decorate only the controller. You could also use a base controller. This way all the attribute will apply on all the actions on this controller.
Darin Dimitrov  2010-10-12 17:03:12
Okay, cool. Thanks!
Bob_Kruger  2010-10-12 17:38:10

related questions

Infopath 2007 - Emailed forms not rendering correctly
What can prevent an MS Access 2000 form from closing?
Form library
Trigger update on DataTable bound to DataGridView
What's a clean/simple way to ensure the security of a page?
How to best merge information, at a server, into a "form", a PDF being generated as the final output
In HTML, what should happen to a selected, disabled option element?
What's the state of play with "Visual Inheritance"
ASP.NET MVC Preview 4 - Stop Url.RouteUrl() etc. using existing parameters
HTTP POST question - I'm stuck
InfoPath 2003 and the xs:any type
Retrieving HTTP status code from loaded iframe with Javascript
Data model for a extensible web form
.Net Compact Framework scrollbars - horizontal always show when vertical shows
MVC - where to implement form validation (server-side)?
Offline forms
MVC .Net - The best way to write a form?
Windows Forms Threading and Events - ListBox updates promptly but progressbar experiences huge delay
What is the best way to upload a file via an HTTP POST with a web form?
Delphi MDI Application and the titlebar of the MDI Children
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How Do I Post and then redirect to an external URL from ASP.Net?
Is a "Confirm Email" input good practice when user changes email address?
WinForms ComboBox data binding gotcha
How do I access a remote form in php?