Rogério Ferreira Rogério Ferreira - 3 months ago 15
C# Question

MVC5(Asp.Net4.5.2)- RedirectToAction does'nt return in one case

in my Account controller, in login action, have the code below:

case "Sucess":
string rule = CheckRule(model.username, model.Password);
Response.SetCookie(SetAuthCookie(model.username, model.RememberMe, rule));
return RedirectToAction("Index", rule);


In checkrule, i return string with names of another controllers, among them are Admin and BasicUser, here are the codes of these:

{
[Authorize]
public class AdminController : Controller
{
private bool attAuthor = isAuthorized();
private bool attAuth = isAuthenticated();
private string rule = returnrule();
// GET: Admin
public ActionResult Index()
{
if (!attAuthor)
{
return RedirectToAction("erro401",rule);
}
else
{
return View();
}


}

public ActionResult erro401()
{
return View("erro401");
}


}

and:

{
[Authorize]
public class BasicUserController : Controller
{
private bool attAuthor = isAuthorized();
private bool attAuth = isAuthenticated();
private string rule = returnrule();
// GET: BasicUser
public ActionResult Index()
{
if (!attAuthor)
{
return RedirectToAction("erro401", rule);
}
else
{
FormsAuthenticationTicket authticket = get_ticket();
string str = rule + " / " + authticket.Name;
ViewBag.Htmlstr = str;
return View();
}


}

public ActionResult erro401()
{
return View("erro401");
}


}


}

In the RouteConfig:

routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

routes.MapRoute(
name: "Default",
url: "",
defaults: new { controller = "Account", action = "Login", id = UrlParameter.Optional }
);

routes.MapRoute(
name: "BasicUser",
url: "{controller}/{action}/{id}",
defaults: new { controller = "BasicUser", action = "Index", id = UrlParameter.Optional }
);
routes.MapRoute(
name: "Admin",
url: "{controller}/{action}/{id}",
defaults: new { controller = "Admin", action = "Index", id = UrlParameter.Optional }
);


If I log in with an admin user it works perfectly, but with a basic user the navagador does not redirect to the route, simply is the logon screen, if I enter the controller address works.
I added a tag html to view the cookie userdata and this works fine(show de BasicUserRule).

Sorry if my question is not very clear, i am newbie...

Answer

There are two problems with your routes:

  1. I don't suggest mapping "" to login. That is actually the homepage. Mapping homepage to login doesn't make much sense. Your login page should be requested automatically when you return an HttpStatusCode.Unauthorized response from any page, attribute. If you want your homepage only accessed by authorized users, return Unauthorized response from Homepage too. That would be it.

    It's a very good idea read more about how MVC (routing, controllers, authentication, authorization) works. Otherwise you might end up with an app far from secure. StackOverflow is good about solving individual issues but doesn't help you see the big picture. You still need to understand how stuff works.

  2. When you have exact same two patterns next to each other only the first would be matched. (Because MVC stops when it finds a match). Your default values don't help there. You need to instead define patterns like:

    "Admin/{action}/{id}", new { controller = "Admin" } 
    "Basic/{action}/{id}", new { controller = "Basic" }
    

    so if the URL starts with "Basic", Admin wouldn't be matched or vice versa.

You can use Route Debugger to understand how route matching works and how your requests get mapped to routes.

Comments