views:

360

answers:

1

I browsed the source code of FormsAuthentication, and noticed it ends in

context.Response.Redirect(strUrl, false);

The 'false' parameter stands for "don't terminate execution of the current page".

Why wouldn't a call to FormsAuthentication.RedirectFromLoginPage() need to terminate viewing the current page? What is the correct behavior after calling this method?

+3  A: 

Setting "endResponse" to true means that the Response.Redirect() call also forces a call to Response.End().

Response.End() will immediately transfer the code execution over to Application_EndResponse event, and raises a ThreadAbortException at the end of everything.

Basically, it's a cleaner "shutdown" of the response if you leave the parameter as false. If you can structure the logic of your method to basically finish right after the the Response.Redirect() call, you can avoid all the weird things that happen with forcing a Response.End().

womp
So in my Controller, after calling FormsAuthentication.RedirectFromLoginPage, I should call Response.End? Or return EmptyResult()?
ripper234
(Given that I do have to return something from the action)
ripper234
Return an EmptyResult [or a null ActionResult]. Calling Response.End() from within an action method will cause any result filters you have registered to be skipped.In a perfect world the action would return a RedirectFromLoginResult, and its ExecuteResult() override would contain a call to Response.Redirect(). In fact, the ASP.NET MVC 2 default AccountController template does just this.
Levi
Edit to above comment: The RedirectFromLoginResult never actually made it into the MVC templates, sorry about the confusion. But in a perfect world it would be there. :)
Levi