MVC3 Forms Authentication with AuthorizeAttribute and redirect loops RRS feed

  • Question

  • I am having crazy problems with Forms Authentication, with the Authorize attribute and 302 redirect loops.  I need to find out what is going on. Please help, this issue is honestly driving me crazy. I've been workin on this non-stop for over 3 weeks and I have no idea what to do next.  

     Just some more details, in case it is important. 

    1. My application is based on MVC3 with C#. 

    2. I am using custom membership provider and role provider, since I stored my users/roles in my database.  I have the correct methods implemented and doing the reading for User/Roles from my custom database tables

    3. I have the following in my web.config to point to my custom providers.




            <addname="MyMembershipProvider"type="Domain.Entities.Security.MyMembershipProvider"connectionStringName="MyDB"MinRequiredPasswordLength="8"MaxInvalidPasswordAttempts="5"MinRequiredNonAlphanumericCharacters="0"applicationName="My App Name"/>














    4. Some of my controller/actions are 'open'.  So anybody (anonymous users/logged in users) can view the read-only content. 

    5. Some controller/actions need authorization depending on the logged in user role.  So I have for example 'Authorize[Roles="admin"]' and similar

    6. My web.config setting for the forms authentication is as follows:

    <trust level="Full" />
        <authentication mode="Forms">
          <forms loginUrl="~/Account/LogOn" timeout="2880" cookieless="UseCookies" slidingExpiration="true" name="MyAppCookie" />
        <machineKey validationKey="myvalkey" decryptionKey="mydecryptkey" validation="SHA1" decryption="AES" />

    7. And now the problem:

     Sometimes, I can work on the application for hours without anything happening. However, more often than not I have a problem with the Authorize attribute (I think). Trying to navigate to any of the actions that have this attribute causes my application to go into a redirect loop. The application keeps trying to go to Account/LogOn in a loop.  Viewing this through Fiddler shows me a 'Object moved to here'.  However, the browser window just looks like it has frozen. The application makes about a zillion calls to Account/LogOn and then falls over with a 'This page cannot be displayed' (IE10) or 'This page has a redirect link' (FF). Sometimes, I hit the 302 redirect loop soon after I login and then I try to go into one of the other pages. Once that happens, I cannot even go into the top level path without it going into a 302 redirect loop sometimes.  Sometimes I can click on a few pages before it falls over in a heap. 

    I have no idea what to do next.  I have tried a few forums but nothing's helped.  I'm hoping the Microsoft team can please help with this issue. 

    Any directions, any pointers, any suggestion would be greatly appreciated.

    Thank you

    • Moved by Caillen Monday, November 4, 2013 11:04 AM ASP.NET question.
    Saturday, November 2, 2013 3:00 PM


All replies