MVC3 Forms Authentication with AuthorizeAttribute and redirect loops

  • Question

  • I am having crazy problems with Forms Authentication, with the Authorize attribute and 302 redirect loops. I need to find out what is going on. Please help, this issue is honestly driving me crazy. I've been working on this non-stop for over 3 weeks and I have no idea what to do next.

     Just some more details, in case it is important. 

    1. My application is based on MVC3 with C#. 

    2. I am using a custom membership provider and role provider, since I stored my users/roles in my database. I have the correct methods implemented and doing the reading for User/Roles from my custom database tables.

    3. I have the following in my web.config to point to my custom providers.

        <membership defaultProvider="MyMembershipProvider">
          <providers>
            <clear/>
            <add name="MyMembershipProvider" type="Domain.Entities.Security.MyMembershipProvider" connectionStringName="MyDB" MinRequiredPasswordLength="8" MaxInvalidPasswordAttempts="5" MinRequiredNonAlphanumericCharacters="0" applicationName="My App Name"/>
          </providers>
        </membership>

        <profile enabled="false">
          <providers>
            <clear/>
          </providers>
        </profile>

        <roleManager enabled="true" defaultProvider="MyRoleProvider" cookieTimeout="2800" cookieSlidingExpiration="true" cacheRolesInCookie="true">
          <providers>
            <clear/>
            <add name="MyRoleProvider" type="Domain.Entities.Security.MyRoleProvider" connectionStringName="MyDB" applicationName="/"/>
          </providers>
        </roleManager>

    4. Some of my controller/actions are 'open'.  So anybody (anonymous users/logged in users) can view the read-only content. 

    5. Some controller/actions need authorization depending on the logged in user role. So I have for example '[Authorize(Roles="admin")]' and similar.

    6. My web.config setting for the forms authentication is as follows:

        <trust level="Full" />
        <authentication mode="Forms">
          <forms loginUrl="~/Account/LogOn" timeout="2880" cookieless="UseCookies" slidingExpiration="true" name="MyAppCookie" />
        </authentication>
        <machineKey validationKey="myvalkey" decryptionKey="mydecryptkey" validation="SHA1" decryption="AES" />

    7. And now the problem:

    Sometimes, I can work on the application for hours without anything happening. However, more often than not I have a problem with the Authorize attribute (I think). Trying to navigate to any of the actions that have this attribute causes my application to go into a redirect loop. The application keeps trying to go to Account/LogOn in a loop. Viewing this through Fiddler shows me an 'Object moved to here'. However, the browser window just looks like it has frozen. The application makes about a zillion calls to Account/LogOn and then falls over with a 'This page cannot be displayed' (IE10) or 'This page has a redirect link' (FF). Sometimes, I hit the 302 redirect loop soon after I log in and then I try to go into one of the other pages. Once that happens, I cannot even go into the top level path without it going into a 302 redirect loop sometimes. Sometimes I can click on a few pages before it falls over in a heap.

    I have no idea what to do next.  I have tried a few forums but nothing's helped.  I'm hoping the Microsoft team can please help with this issue. 

    Any directions, any pointers, any suggestion would be greatly appreciated.

    Thank you

    • Moved by Caillen Monday, November 4, 2013 11:04 AM ASP.NET question.
    Saturday, November 2, 2013 3:00 PM
