MVC Forms LoginUrl is incorrect

Question

I have an ASP.NET MVC 3 application with forms authentication. For some reason that I cannot see, the login redirect url is /Account/Login?ReturnUrl=%2fSecure%2fAction instead of /Account/LogOn?ReturnUrl=%2fSecure%2fAction. The difference is subtle, its using /Account/Login instead of /Account/LogOn.

My web.config forms section is correct. Would else could possibly affect the login url??

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="720" />
</authentication>

Answer 1

This is a known issue. I had the same problem with my custom authorize attribute. I found the solution somewhere on the net, can't remember where. Just add this to appSettings in your web.config

<add key="loginUrl" value="~/Account/LogOn" />

Note: This works with MVC 3, I didn't try it with previous versions.

EDIT: Found it mentioned in release notes, but it seems that they've changed the setting name and forgot to update release notes for RTM version.

Answer 2

I ran into a similar problem sometime ago. After a few months I discovered the root of the problem: I had added a 'deployable dependency' on 'ASP.NET Web Pages with Razor Syntax'. This adds a reference to: WebMatrix.Data.dll This assembly has a class with a static constructor that does the following:

static FormsAuthenticationSettings()
{
 FormsAuthenticationSettings.LoginUrlKey = "loginUrl";
 FormsAuthenticationSettings.DefaultLoginUrl = "~/Account/Login";
} 

Check if you are referencing this dll.

Answer 3

frennky's answer helped me get to this. I needed all of these in my web.config:

<appSettings>
  <add key="loginUrl" value="~/Authentication/LogOn" />
</appSettings>

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/Authentication/LogOn" timeout="2880"></forms>
   </authentication>
   <authorization>
     <deny users="?"/>
   </authorization>
</system.web>

Answer 4

To fix this problem, which still exist in MVC 3 you have to remove the WebMatrix.*.dll from _bin_deployableAssemblies and bin folders respectively.

Answer 5

Instead of this:

<appSettings>
  <add key="loginUrl" value="~/Authentication/LogOn" />
</appSettings>

You could use this:

<appSettings>
  <add key="PreserveLoginUrl" value="true" />
</appSettings>

It worked for me.

Answer 6

I just ran into this issue (like 6 years later and this page doesn't rank high in searches anymore...) my fix was similar to santiagoIT.

Because I added authentication to a project that didn't previously have it I pretty much "cheated" by copying required authentication code from a default project template which included:

app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"), 
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });

The forms authentication url was using web.config for all my aspx pages but bombed when I added the Authorize attribute.

Changing the LoginPath fixed my issue.

Answer 7

Is it originating from the redirect contained within your LogOn action result?

Search your project for the string LogIn and you may find where it is specified?

Answer 8

After Trying Many technique in .net MVC 5 in VS2015 I ended up here.

Its was hard to understand but yet very Simple. Whatever we code within Form loginURL was later removed OR replaced by the web.config itself.And this line in the Web.Config does it.

<remove name="FormsAuthentication"/> 

Comment the line out in web.config and then it won't go to "Account/Login" automatically. I tested in VS2015 and it works like a charm. :)