Home/ Questions/Q 4544576
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T15:41:27+00:00

What changed from mvc1 and mvc2? I have the following code that redirects to

  • 0

What changed from mvc1 and mvc2? I have the following code that redirects to a login page if the user has not been authenticated. This doesn’t work with mvc2 and results in “System.Web.HttpException: Cannot redirect after HTTP headers have been sent”

public class RequiresAuthenticationAttribute : FilterAttribute, IAuthorizationFilter
{
  public void OnAuthorization(AuthorizationContext filterContext)
  {
    if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
    {
      string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath;
      string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess);
      string loginUrl = System.Web.Security.FormsAuthentication.LoginUrl + redirectUrl;
      filterContext.HttpContext.Response.Redirect(loginUrl, true);
    }
  }
}

A stack track is as follows:

System.Web.HttpException: Cannot redirect after HTTP headers have been sent.
  at System.Web.HttpResponse.Redirect(String url, Boolean endResponse)
  at System.Web.HttpResponseWrapper.Redirect(String url, Boolean endResponse)
  at System.Web.Mvc.RedirectResult.ExecuteResult(ControllerContext context)
  at System.Web.Mvc.ControllerActionInvoker.InvokeActionResult(ControllerContext controllerContext, ActionResult actionResult)
  at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<InvokeActionResultWithFilters>b__11()
  at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
  at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<>c__DisplayClass16.<InvokeActionResultWithFilters>b__13()
  at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult)
  at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    All you have to do is override HandleUnauthorizedRequest instead of OnAuthorization and just assign the RedirectResult url to the AuthorizationContext.Result.

    The base.OnAuthorization will check authentication and call HandleUnauthorizedRequest if it fails.

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath;
    string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess);
    filterContext.Result = new RedirectResult(redirectUrl);
    return;
}
    • 0