Login with ReturnUrl pointing to POST action: FAIL!

Question

Login with ReturnUrl pointing to POST action: FAIL!

I have an Asp.Net MVC project with typical forms authentication that redirects the user to a page on successful login. If the querystring has ReturnUrl, it will redirect the user to ReturnUrl.

The problem occurs when the logged in user sits on the page long enough to log in and then submits the form, triggering a message on the server. Since the user is no longer authenticated, it will force the user to login again. However, ReturnUrl will point to an action that only accepts the POST method and throws an exception after redirection.

Is there a job for this?

+2

c # asp.net-mvc

Andrew Young 09 oct. '09 at 23:59

source to share

1 answer

Joseph · Accepted Answer · 2009-10-10T00:36:10+0000

You need to create an identical GET action and redirect it back to the form they fill out. The problem is that the redirect to ReturnUrl does a GET and not a POST, hence the error.

Example:

[AcceptVerbs(HttpVerbs.Get)]
public ActionResult SomeFormAction()
{ 
    //redirect them back to the original form GET here 
    RedirectToAction(stuffhere);
}

[AcceptVerbs(HttpVerbs.Post)]
public ActionResult SomeFormAction(FormCollection collection)
{ 
    //this is your original POST 
}

Login with ReturnUrl pointing to POST action: FAIL!

More articles: