When trying to apply [RequireHttps] to AccountController.Logon in ASP.NET MVC 2 Preview 2 I get the following error :
ASP.NET detected invalid characters in the URL.
This is because ASP.NET has rewritten my request from
http://example.com/admin to
https://example.com/account/logon%3FReturnUrl=/admin
It is ASP.NET itself that has added ReturnURL (not ASP.NET MVC), but it is the RequireHttps attribute that is redirecting and messing up the URL.
The %3F instead of ? is breaking the page.
I think its technically a bug in ASP.NET. Is there a workaround? I'm thinking maybe a way to handle the 'unauthenticated' event in global.asax - or possibly just fixing the source for RequireHttpsAttribute.
[RequireHttps]
public ActionResult LogOn()
{
return View(DefaultModel);
}
<authentication mode="Forms">
<forms loginUrl="~/account/logon"/>
</authentication>
Here's a similar, but different question
Edit: I just tried manually entering in http://example.com/accout/login?cat=dog and it still redirected to an invalid URL : account/logon%3Fcat=dog. I originally thought it was related to a conflict between the membership provider and [RequireHttps] but it looks like just a basic bug so I think I'll have to just fix the source myself.
This appears fixed in ASP.NET MVC2 RC.
/admin
now gets rewritten to the correct URL:
/account/logon?ReturnUrl=/admin