I have a strange error I have never run into before.
I secured a controller with:
[Authorize(Roles = "admin")]
public class LoggingController : Controller
When a non-admin user tries to access any protected content, they are redirected to:
http://localhost:50501/Account/Login?ReturnUrl=%2flogging
note: account/login and NOT account/logon
The AccountController.Login action does not exist.
web.config has:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
I can of course implement the Login action and redirect to Logon.
I am just puzzled and would like to know why this happens.
Search your project for login – it has to be specified somewhere. Is there any other web.config value overriding this (maybe looking at a child root and the parent value is being used)
Also is there any redirect that is happening? Are there any defaults set in your machine’s web.config?
Is your default url on the project set to be a /login?
Install glimpse route debugger to see which route is being used for this page as well.
EDIT:
A little more research yields a known issue.
Check out this link:
ASP.NET MVC issue with configuration of forms authentication section
Theres a bug in mvc 3 beta – are you running the beta bits?
Also notice the mentioned item in the above url for RTM bits:
Also check out
http://forums.asp.net/p/1616153/4138366.aspx
EDIT 2
Below is a solid comment about a potential source of this from @santiagoIT (upvote his comment please if the specifics help you)
Today I discovered the root of this problem: I had added ‘deployable dependency’ on ‘ASP.NET Web Pages with Razor Syntax’. This adds a reference to: WebMatrix.Data.dll This assembly has a class with a static constructor that does the following: static FormsAuthenticationSettings(){ FormsAuthenticationSettings.LoginUrlKey = “loginUrl”; FormsAuthenticationSettings.DefaultLoginUrl = “~/Account/Login”;} That explains!