asp.net-mvcrequirehttps

fails in MVC Preview 2 when applying to AccountController.LogOn


When trying to apply [RequireHttps] to AccountController.Logon in ASP.NET MVC 2 Preview 2 I get the following error :

ASP.NET detected invalid characters in the URL.

This is because ASP.NET has rewritten my request from

http://example.com/admin to

https://example.com/account/logon%3FReturnUrl=/admin

It is ASP.NET itself that has added ReturnURL (not ASP.NET MVC), but it is the RequireHttps attribute that is redirecting and messing up the URL.

The %3F instead of ? is breaking the page.

I think its technically a bug in ASP.NET. Is there a workaround? I'm thinking maybe a way to handle the 'unauthenticated' event in global.asax - or possibly just fixing the source for RequireHttpsAttribute.

    [RequireHttps]
    public ActionResult LogOn()
    {
        return View(DefaultModel);
    }

    <authentication mode="Forms">
       <forms loginUrl="~/account/logon"/>
    </authentication>

Here's a similar, but different question

Edit: I just tried manually entering in http://example.com/accout/login?cat=dog and it still redirected to an invalid URL : account/logon%3Fcat=dog. I originally thought it was related to a conflict between the membership provider and [RequireHttps] but it looks like just a basic bug so I think I'll have to just fix the source myself.


Solution

  • This appears fixed in ASP.NET MVC2 RC.

     /admin 
    

    now gets rewritten to the correct URL:

     /account/logon?ReturnUrl=/admin