New to working with C# .NET, bear with me.
I'm building a simple C# web app (MVC 4). My authentication/authorization works - normal users can login/logoff/view data, only admins can edit database, etc. However, a guest user cannot view the home page. Instead guest is redirected to login page - something I specified in web.config. (Before I implemented that, user just goes to error page.). Only when a user is logged in can they actually see the home page.
For some reason, including [AllowAnonymous] on the appropriate action (Index()) in my HomeController doesn't work, whereas doing the same for an action in a different controller does work for guest users (e.g. the login page shows).
Removing [Authorize] and/or [AllowAnonymous] doesn't work. I also tried using Application_BeginRequest() in Global.asax but no success (not even sure if I'm using that correctly). Could someone help me understand why the homepage would be blocked? No other page has access problems.
HomeController.cs:
...
namespace Portal.UI.Controllers
{
[Authorize]
public class HomeController : Controller
{
[AllowAnonymous]
public ActionResult Index()
{
return View();
}
...
}
}
web.config:
<system.web>
<authentication mode="Forms">
<!-- Login action is in another controller, AdminController -->
<forms name="REDIRECT_TO_LOGIN" loginUrl="~/Admin/Login"
protection="All" path="/" timeout="30">
</forms>
</authentication>
</system.web>
Global.asax.cs:
public class MvcApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
// ...
AreaRegistration.RegisterAllAreas();
WebApiConfig.Register(GlobalConfiguration.Configuration);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
}
protected void Application_BeginRequest()
{
if (Request.AppRelativeCurrentExecutionFilePath == "~/")
HttpContext.Current.RewritePath("/Home/Index");
}
}
