I am trying to wrap my head around forms authentication in ASP.NET MVC. MVC 5 in my particular case, if that matters.
My application does not use passwords, just an email address as a username.
When debugging the Login method, I can clearly see that the model is valid, and my (user) MembershipProvider validates the user as expected.
It then redirects to the provided returnUrl (for testing purposes, I have AuthorizeAttribute on /Home/About).
Unfortunately, I immediately return to the Login view, so it's obvious that I don't have the fundamental element for the whole process (and, in general, the fundamental understanding of the whole auth / auth process, I have to admit that I rarely communicate with it).
Login Method:

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (ModelState.IsValid && Membership.ValidateUser(model.Email, ""))
        {
            FormsAuthentication.SetAuthCookie(model.Email, model.RememberMe);
            if (Url.IsLocalUrl(returnUrl))
            {
                return RedirectToLocal(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }
        else
        {
            ModelState.AddModelError("", "Email address unknown");
        }
        return View(model);
    }

LoginViewModel:

    public class LoginViewModel
    {
        [Required]
        [Display(Name = "Email")]
        [EmailAddress]
        public string Email { get; set; }

        [Display(Name = "Remember me?")]
        public bool RememberMe { get; set; }
    }

Relevant part of Web.config:

    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="~/Account/Login" timeout="2880" />
      </authentication>
    </system.web>

What am I not seeing? Where should I look?