ASP.NET MVC: AuthorizeAttribute on default page
Posted
by AlexB
on Stack Overflow
See other posts from Stack Overflow
or by AlexB
Published on 2010-04-21T15:27:59Z
Indexed on
2010/04/21
15:43 UTC
Read the original article
Hit count: 799
asp.net-mvc
|forms-authentication
The default controller in my ASP.NET MVC project is decorated with the [Authorize] attribute. When I deploy the website on my development machine and access the website, I am redirected to the login page (defined in forms loginUrl section of the Web.Config). Result: everything works as expected.
When I publish the website on our production server (Windows Server 2008, IIS 7, DefaultAppPool) and access the website, the expected address shows in the address bar (/Account/LogOn?ReturnUrl=*my_expected_return_url*
), but the page displays "You do not have permission to view this directory or page." instead of the login page. If I remove the [Authorize] attribute on the default controller/action, the page displays correctly.
My Web.Config file:
sessionState mode="InProc" timeout="30"
authentication mode="Forms"
forms loginUrl="~/Account/LogOn" timeout="2880"
© Stack Overflow or respective owner