In a classical example of asp.net/mvc authentication LogOn action gets LogOnViewModel and returnUrl string to do an authentication and redirect to previous Url.
[HttpPost]
public ActionResult LogOn(LogOnViewModel model, string returnUrl)
{
if (ModelState.IsValid)
if (!FormsAuthentication.Authenticate(model.UserName, model.Password))
ModelState.AddModelError("", "Incorrect user name or password.");
if (ModelState.IsValid)
{
FormsAuthentication.SetAuthCookie(model.UserName, false);
return Redirect(returnUrl ?? "Bookings");
}
else
return View();
}
But when request is handled by action returnUrl parameter is null, however there should be a value as author says. Could anybody please explain this?
Form from which I send request look like this: Views/Admin/LogOn.aspx
<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
<div id="login">
<% Html.EnableClientValidation(); %>
<% using (Html.BeginForm("LogOn", "Admin")) { %>
<%= Html.ValidationSummary(true) %>
<div><label>Username:</label><input name="userName" type="text" /></div>
<div><label>Password:</label><input name="password" type="password" /></div>
<div><input type="submit" value="Login" /></div>
<% } %>
</div>
</asp:Content>
There is no hidden field generated on the form.
Authentication:
<authentication mode="Forms">
<forms loginUrl="~/Admin/LogOn" timeout="2880">
<credentials passwordFormat="SHA1">
<user name="admin" password="hashedPassword"/>
</credentials>
</forms>
</authentication>
When you go to a page that isn’t authenticated, the ReturnURL parameter is automatically added to your query string when you are redirected to the login page by the MVC framework.
Your current
<form>tag in the view doesn’t take this into account. It always goes to the same action disregarding any existing QueryString values.If you use:
This will automatically create a
<form>tag with ‘action’ value that takes into account any query strings that already exist on your page.