I have an MVC3 web app which is effectively ‘bolted on’ to a classic ASP website (i.e old pages are classic asp, new pages are ASP.Net MVC).
The site requires the user to log in, so to protect the new MVC pages, I check for a cookie and use the id to retrieve session data from the database which has been created by the classic ASP login page.

Because the user can switch between old & new pages, amd I’m not sharing session data across the 2 apps, I check for the cookie & retrieve data every request in my action method called LogIn:

public PartialViewResult LogIn()
        {
            var cookieId = DecodeCookieId(System.Web.HttpContext.Current.Request.Cookies["cookiename"].Value);

            LoggedInViewModel viewModel = new LoggedInViewModel
            {
                Session = sessionRepository.Sessions.FirstOrDefault(s => s.GGAPSession_ID == cookieId)
            };
            return PartialView(viewModel);
        }

This passes data to a ViewModel which displays the logged in username at the top of every MVC page, which is why I thought it would be a good place to do the checking.

The problem occurs when I try modify LogIn() to check for the cookie & redirect if not found:

public ActionResult LogIn()
{
   if (System.Web.HttpContext.Current.Request.Cookies["cookiename"] != null)
  {
     //  same method contents as above
  }
  else
  {
    return Redirect("http://localhost/index.asp");
  }
}

I get a ‘Child actions are not allowed to perform redirect actions’ which I understand, but how do I get round this? Should I be doing the cookie checking elsewhere? And where should I be doing the session management?