ASP.NET MVC: Unauthenticated User Always Redirected to ~/Account/LogOn Despite Custom Sign In Url

By default new ASP.NET MVC projects redirect any unauthenticated users who request resources that require authentication to the /Account/LogOn action. The log on page is defined in the web.config authentication section.

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />

It is my preference for users to “Sign in” instead of “Log on” so I changed the web.config to the following and changed the action method name from LogOn to SignIn.

<authentication mode="Forms">
  <forms loginUrl="~/Account/SignIn" timeout="2880" />

After the change I tried accessing a page that required the user to be authorized with and unauthorized user and to my surprise, the site redirected me to /Account/LogOn and I got a 404 error saying the the resource could not be found. It turns out this is a known issue with the ASP.NET MVC when the WebMatrix.Data.dll and WebMatrix.DataWeb.dll are added to the deployable assemblies collection. This issue can be fixed by adding the following key to the appSettings section of the web.config.

  <add key="loginUrl" value="~/Account/SignIn" />

I presume this will be fixed in the next release of ASP.NET MVC as a bug has been logged on Microsoft Connect here.

5 Responses to “ASP.NET MVC: Unauthenticated User Always Redirected to ~/Account/LogOn Despite Custom Sign In Url”

  1. Brian B Says:

    Thank you. Thank you. Thank you. My app was working wonderful last time I used my computer. I turn it on today and all I get is that stupid Account/Login error. I spent so much time trying to fix it (of course, I can’t fix it the normal way b/c MVC is ignoring my web.config settings). You saved me from wasting more hours tracking this down. I’m so relieved you wrote this gem.

    • Nick Olsen Says:

      Glad it helped!

  2. Vicenç García Says:

    Thank you very much Nick.

    I have the same issue with windows authentication, either with authenticated users or not authenticated. Furtunatelly we could delete these devilish files and the applications runs well.


  3. No hagas un deploy de lo que no tengas que hacer un deploy - devnettips Says:

    […] y vemos que no es así. Finalmente, después de mucho buscar nos hemos encontrado con este salvador blog. En él, su autor explica que si teniendo una aplicación con autenticación forms y cambiándole […]

  4. Henrik Says:

    Thank you very much for posting this blog…..couldn’t find the source of this error…..THANKS🙂

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: