Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 2 down vote favorite

In an ASP.NET MVC3 web application, an entire controller has an [Authorize] attribute attached to it. So if the user is not logged in or the session expired, they get redirected to the login page. This is working...sometimes. The URLs in the "works" list below correctly redirect to the login page; the URLs in the "does not work" list instead show the IIS 401 error screen - they do not redirect to the login page.

Works

Does Not Work

The model for the MyAction action has a public string ReturnUrl { get; set; } in its base class. It also has other properties, but adding those to the query string does not affect the login redirection. It seems to be only the ReturnUrl parameter.

I'm not sure what else to look into. Any ideas why the ReturnUrl parameters would be causing trouble?

Routes

routes.MapRoute("Default-Title-ID", "{Controller}/{Action}/{Title}_{ID}", namespaces);
routes.MapRoute("Default-ID", "{Controller}/{Action}/{ID}", namespaces);
routes.MapRoute("Default", "{Controller}/{Action}", new { Controller = "Home", Action = "Index" }, namespaces);
routes.MapPageRoute("Reports-View", "ViewReport_{ID}", "~/Views/Reports/View.aspx");

Working Example (Well, not working, but illustrates the problem.)

Download the solution here: https://docs.google.com/file/d/0B4o6vqgNLpvbeVo4bVdKZWFMcEE/edit?usp=sharing

And then try to visit:

share|improve this question
stunner. I assume no exotic routes being used. – Dave A Apr 20 at 3:05
@DaveA normal routes - added them above. – Josh M. Apr 20 at 3:07
Looking over these routes, I suspect the route engine is getting confused... There is no effective difference between Default-Title-ID and Default-Title-ID -- They both have a 3rd ID param, but the route engine would NOT know which to choose when using url's. True Default is the complement, in that both Controller and Action are optional, but that route is traditionally implemented as part of the 1st of 2nd to give the route engine more flexibility. I would strongly suggest trying to merge the 3 routes, then seeing if you still have the same problem. – Dave A Apr 20 at 5:34
@DaveA - The first two routes are different. One specifies that there is text before the ID, the other specifies that there is not. Yes, I can likely combine some of these routes but for clarity I've left them as you see them. I'll try commenting out the first one anyway and see if the problem persists...but I think it will. Thanks. – Josh M. Apr 22 at 1:02
@DaveA - The problem persists after commenting out the Default-Title-ID and Default routes. – Josh M. Apr 23 at 11:23
show 5 more comments

Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook.

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.