2

I have that overriden OnActionExecuting method (to check before action execute if user is logged in)

public class AuthenticationAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        { 
            string redirectUrl = string.Format("?returnUrl={0}", filterContext.HttpContext.Request.Url.PathAndQuery);

            filterContext.HttpContext.Response.Redirect(FormsAuthentication.LoginUrl + redirectUrl, true);
        }
        else 
            base.OnActionExecuting(filterContext);
    }
}

Why - if user is not logged in - the response is redirected to that method again. Why ?

Tony
  • 12,405
  • 36
  • 126
  • 226

1 Answers1

3

That's probably because the controller action that you are redirecting to (the login url I think) is also decorated with this attribute. So if the user is not authenticated he gets redirected to the login action and because he is not authenticated he gets redirected to the login action and so on. Personally I would recommend you using the [Authorize] attribute instead of writing such action filter.

Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • but if I use the [Authorize] attribute on the Controller the result is a blank page (the URL is changed properly) – Tony May 13 '11 at 10:03
  • 2
    @Tony, the authorize attribute will automatically redirect to the login page you defined in the `` section of your web.config. So ensure that the url that is defined there corresponds to an actual controller action in your application. – Darin Dimitrov May 13 '11 at 10:23