Thursday, May 7, 2020

Forms Authentication Auto Redirects to /Account/Login

We are required to add a different authentication method on our ASP.NET Web Forms app. It is currently configured to use OWIN, so I thought I can just disable the current authentication method and revert to the old web.config forms authentication for testing purposes. Turns out it is harder than I thought.

Problem

After disabling the current authentication method, I add the common Forms Authentication web.config entry:

<authorization>
   <deny users ="?" />
   <allow users = "*" />
</authorization>
<authentication mode="Forms">
   <forms name=".ASPXFORMSAUTH" loginUrl="~/login.aspx" protection="All" path="/" timeout="30" />
</authentication>

Then I try to access the protected page and to my surprise I got redirected to /Account/Login?ReturnUrl=. That is weird and I verified other settings and none seems to be out of place. 

Solution

Searching online, I happened to find the following thread: 

https://forums.asp.net/t/1847413.aspx?How+is+authentication+mapped+to+Account+Login.

Following the instruction, I added the following under <appSettings> tag in web.config and it redirects properly.

<add key="loginUrl" value="~/login.aspx" />

Update 

5/8/2020

According to the following article, there is a way to disable the redirect instead of changing the destination.


To disable the auto redirect, add the following under <appSettings> tag in web.config:

<add key="enableSimpleMembership" value="false" />
<add key="autoFormsAuthentication" value="false" />


Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)