This behavior is by design in MVC3 or MVC4. However, it is very unfriendly to the user, as described above, and in production this problem must be solved elegantly: the application must deal with this strange situation. The solution to this problem is to create a filter that is applied to the login message, which checks whether the user is registered and sends them to the correct page; otherwise they will remain on the login page.

Below is the filter attribute code:

```csharp
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

/// <summary>
/// Handle Antiforgery token exception and redirect to customer area if the user is Authenticated
/// </summary>
public class RedirectOnError : HandleErrorAttribute
{
    /// <summary>
    /// Override the on exception method and check if the user is authenticated and redirect the user
    /// to the customer service index otherwise continue with the base implementation
    /// </summary>
    /// <param name="filterContext">Current Exception Context of the request</param>
    public override void OnException(ExceptionContext filterContext)
    {
        if (filterContext.Exception is HttpAntiForgeryException
            && filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Set response code back to normal
            filterContext.HttpContext.Response.StatusCode = 200;

            // Handle the exception
            filterContext.ExceptionHandled = true;

            UrlHelper urlH = new UrlHelper(filterContext.HttpContext.Request.RequestContext);

            // Create a new request context
            RequestContext rc = new RequestContext(filterContext.HttpContext, filterContext.RouteData);

            // Create a new return url
            string url = RouteTable.Routes.GetVirtualPath(
                rc,
                new RouteValueDictionary(new { Controller = "CustomerArea", action = "Index" })).VirtualPath;

            // Check if there is a request url, and accept it only if it is local to this site
            if (filterContext.HttpContext.Request.Params["ReturnUrl"] != null
                && urlH.IsLocalUrl(filterContext.HttpContext.Request.Params["ReturnUrl"]))
            {
                url = filterContext.HttpContext.Request.Params["ReturnUrl"];
            }

            // Redirect the user back to the customer service index page
            filterContext.HttpContext.Response.Redirect(url, true);
        }
        else
        {
            // Continue to the base
            base.OnException(filterContext);
        }
    }
}
```
This is an example of use.
```csharp
[HttpPost]
[RedirectOnError]
[ValidateAntiForgeryToken]
public ActionResult LogOn(LogOnViewModel model, UserSessionState session, string returnUrl)
{
    // .....
}
```
Marko
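The filter above honours `ReturnUrl` only when `IsLocalUrl` accepts it, which is what keeps the redirect from becoming an open redirect. The following is an added example, not part of the original answer and not the framework's own code: the `IsLocal` rules are an assumed approximation of that check, and the class name, the `/CustomerArea` default and the sample values are constructed for illustration.

```csharp
using System;

// Added illustration: a stand-alone approximation of the local-URL rule
// the filter relies on through UrlHelper.IsLocalUrl.
public static class ReturnUrlCheck
{
    // Assumed rule set: accept "/path" and "~/path"; reject "//host",
    // "/\host", absolute URLs, and null or empty values.
    public static bool IsLocal(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        if (url[0] == '/')
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        return url.Length > 1 && url[0] == '~' && url[1] == '/';
    }

    // Same decision the filter makes: use ReturnUrl only when it is local,
    // otherwise fall back to the default landing page.
    public static string ResolveRedirect(string returnUrl, string defaultUrl)
    {
        return IsLocal(returnUrl) ? returnUrl : defaultUrl;
    }

    public static void Main()
    {
        // Constructed sample ReturnUrl values, local ones first.
        string[] samples =
        {
            "/CustomerArea/Orders",
            "~/Account/Profile",
            "/",
            "//example.test/login",   // protocol-relative: leaves the site
            "/\\example.test",        // backslash variant of the same trick
            "http://example.test/",   // absolute URL
            "",
            null
        };

        foreach (string s in samples)
        {
            // "/CustomerArea" stands in for the route-generated default (assumed value).
            Console.WriteLine("{0,-24} -> {1}", s ?? "(null)",
                ResolveRedirect(s, "/CustomerArea"));
        }
    }
}
```

Only the first three samples are kept as redirect targets; every other value falls back to the default page.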