Monday, June 8, 2009

loginUrl for Forms Authentication in ASP.NET MVC on a Hosted Site

While implementing an ASP.NET MVC site which was hosted by an ISP I followed this information from MSFT since the server is running IIS6 and I could not access the web server to configure it for MVC.

This resulted in the following route maps in Global.asax.cs

//Hosted Configuration: Uses .aspx in IIS.
//If MVC installed can map directly.
routes.MapRoute(
"aspx",
"{controller}.aspx/{action}/{id}",
new { action = "Index", id = "" }
);

routes.MapRoute(
"Default",
"{controller}/{action}/{id}"
);

routes.MapRoute(
"Root",
"",
new { controller = "Home", action = "Index", id = "" }
);

I then implemented FormsAuthentication using the

[Authorize(Roles = "User")]

attribute on my actions.

However, when the user visited a "page" w/o sufficient permissions the standard loginUrl attribute of the element in web.config did not work.

loginUrl="~/Account/LogOn"

After some thought I realized the loginUrl value needed to follow the mapped routes and changed it to

loginUrl="/Account.aspx/LogOn"

which works nicely.