Partial View Link on MVC LoginPage not working (User not logged-in/Authorized yet)

Question

I am working on a website in ASP.NET MVC and working on LoginPage. On the LoginPage, we also have 'Forgot Password' link and clicking that link opens a Modal-popup (bootstrap) with content being returned as PartialView.

Problem I am facing is, when I click on 'Forgot Password' link on the page, Index method of Login controller gets called instead of ForgotPassword related method which results in LoginPage being returned in modal popup.

[AllowAnonymous]
[System.Web.Services.WebMethod()]
public ActionResult ForgotPassword()
{
   return PartialView("_ForgotPassword");
}

It seems like some sort of authentication issue because if I login using our old Login Page (it's an .aspx page) and then try to manually go to a new ASP.NET MVC page, all the link with partialView on login Page works fine.

Anyone else had this issue? any pointer would be appreciated.

Thanks

Edit 1: Javascript used to call modal popup

function AttachPopup() {    
    $('.modal-popup').click(function (event) {

        event.preventDefault();
        event.stopImmediatePropagation();

        var url = $(this).attr('data-content-url');
        var modalId = $(this).attr('data-target-model');
        var target = $(this).attr('data-target-content'); 

        $.ajax({
            url: url,
            type: 'POST',
            datatype: "json",
            cache: false,
            traditional: true,
            success: function (data) {  
                $(target).empty();
                $(target).append(data);             
                $(modalId).modal('show');
            }
        });
    });
}

url comes correct but still index is called.

Could you post your javascript that opens the modal? – Adlorem Apr 21 '21 at 19:46 — Adlorem, Apr 21 '21 at 19:46

score 0 · Answer 1 · answered Apr 21 '21 at 23:00

When the AllowAnonymous attribute, the onAuthorization method of AuthorizeAttribute simply ignores authorization and authentication checking. Even if you had a global authorization filter. It should still work. A user had a similar issue. Please check out this link

score 0 · Answer 2 · answered Apr 22 '21 at 20:43

As mentioned, I was converting an aspx website to MVC. In Web.config, we had

<authorization>
  <deny users="?" />
</authorization>

This was taking precedence over MVC [AllowAnonymous] attribute. Commenting out above code, fixed my problem.

Word of caution: When you do that, do check that your website is secure with [Authorize] attribute

Partial View Link on MVC LoginPage not working (User not logged-in/Authorized yet)

2 Answers2