asp.net mvc4 authentication

Question

Hello there,

i am using asp.net mvc4 forms authentication by adding [Authorize] attribute to the methods in controller

   <authentication mode="Forms">  
          <forms defaultUrl="/Home/Index" loginUrl="/Home/Login" slidingExpiration="true" timeout="2880"></forms>  
        </authentication>  

if i try to access any url by copy pasting it, it successfully redirects to the login page. but when i run the page while i am in index.chtml in visual studio IDE. It is not redirecting to login page, it shows index page directly without logging in.

That i,s if i am in a specific page's view.. and running the project F5. then it is not loading login page..the browser shows that specific page without logging in.

is it the right behaviour of [Authorize] attribute. should i write any code for handling this, or this will be ok in production site?

Thanks for helping
Dej/.

Answer 1

Hi @Jaya Anbarasan ,

i am using asp.net mvc4 forms authentication by adding [Authorize] attribute to the methods in controller

You can try putting the [Authorize] attribute above the controller, for example:

[Authorize]  
    public class HomeController : Controller  
    {  
         
        public ActionResult Index()  
        {  
            return View();  
        }  
         
        [AllowAnonymous]  
        public ActionResult Login()  
        {  
               
            return View();  
        }  
}  

Best regards,
Lan Huang

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

I'm guessing you logged in once and the Forms Authentication code sets a persistent cookie. Try clearing the browser cookies.