So the user has logged in, how do I implement a redirect to home page? (ASP MVC 3)

Question

I am quite confused as how to implement this functionality. Initially, when the user visits the website, they see the sign in page.

[HttpGet]
public ActionResult SignIn()
{
  return View() ;
}

When the user enters the details, it calls:

[HttpPost]
public ActionResult Sign(SignInModel signInModel)
{
   if(service.ValidateUser(signInModel.userName,signInModel.passWord))
    {
        FormsAuthentication.SetAuthCookie(signInModel.userName, true);return           
        return RedirectToAction("Index", "Home");
    } 
}

However, as a test I decided to go back to the log in page, so localhost/Account/SignIn, but it doesn't redirect me back to the home page.. so I tried some suggested answers to similar questions from SO:

[HttpGet]
public ActionResult SignIn()
{
  if(HttpContext.User.Identity.IsAuthenticated) 
  {
            return RedirectToAction("Index", "Home");
  }
  return View() ;

}

But I didn't understand how it worked so I decided to debug it. But It turns out it was using the wrong Identity.

To explain, I was using a default MVC template to get my project working, I logged in with James on that template. However with my own project, I logged in with Peter.

But HttpContext.User.Identity in my own project refers to the default website's James instead of Peter.. so there is obviously something wrong there, but what?

TL;DR how do I persist information like StackOverflow? The user should only see the sign in page when the session expires or the user signs out.

Answer 1

Correct me if I am haven't understood it properly.

• You are hosting both the websites on localhost. Most likely different port numbers.
• You logged into the dummy website (the template website) first. You got back an auth cookie.
• You didn't log out of the dummy website. So, your auth cookie is still valid.
• You then launched the actual website (your project). When you request the signin page, the cookie which you received earlier is also sent to the server. The reason this happens is the cookie is scoped to the domain localhost and to the app path \. This matches both the websites.
• You see yourself as logged in and as someone else.

What can you do to fix this?

Log out of both websites. Don't login to the dummy website. Login to the actual website. Have fun.

A more permanent fix?

Depends. The problem happens because the cookie is too loosely scoped. If its necessary to run both websites on localhost, then you could configure your IDE to launch them under a folder. Meaning dummy website is launched at http://localhost:1234/dummy/ and actual is launched at http://localhost:4321/actual. For normal cookies you would directly set the path. For the auth cookie, you could use the FormsAuthentication.GetAuthCookie method.

src: http://telligent.com/support/telligent_evolution_platform/w/documentation/common-things-to-check-when-using-forms-authentication.aspx

HttpCookie cookie = FormsAuthentication.GetAuthCookie(username, true);
cookie.Path = "/dummy";
Response.Cookies.Add(cookie);

Edit:

Seem's like the general consensus is to not set the path. https://stackoverflow.com/a/6940281/30007

Cookie paths are case-sensitive, so:

http://site/path
http://site/PATH

Are 2 different cookies for the browser - none of them (IE, FX, Safari, Opera or Chrome) will send /PATH's cookie to /path or vice versa.

Answer 2

I think what you looking for is answered over there: How do I redirect /Home to root?

Edit:

In this case try this: when you generate the LogOn link you may want to pass the returnUrl parameter:

@Html.ActionLink("Log On", "LogOn", "Account", new { returnUrl = Request.Url }, null)

In your specific case you can pass returnUrl to be home page. Sorry for confusion.

Hope this helps