ASP.NET MVC: AuthorizeAttribute on default page

Posted by AlexB on Stack Overflow See other posts from Stack Overflow or by AlexB
Published on 2010-04-21T15:27:59Z Indexed on 2010/04/21 15:43 UTC
Read the original article Hit count: 796

The default controller in my ASP.NET MVC project is decorated with the [Authorize] attribute. When I deploy the website on my development machine and access the website, I am redirected to the login page (defined in forms loginUrl section of the Web.Config). Result: everything works as expected.

When I publish the website on our production server (Windows Server 2008, IIS 7, DefaultAppPool) and access the website, the expected address shows in the address bar (/Account/LogOn?ReturnUrl=*my_expected_return_url*), but the page displays "You do not have permission to view this directory or page." instead of the login page. If I remove the [Authorize] attribute on the default controller/action, the page displays correctly.

My Web.Config file:

sessionState mode="InProc" timeout="30"  
     authentication mode="Forms"  
        forms loginUrl="~/Account/LogOn" timeout="2880"

© Stack Overflow or respective owner

Related posts about asp.net-mvc

Related posts about forms-authentication