Click here to Skip to main content
15,846,078 members
Please Sign up or sign in to vote.
5.00/5 (1 vote)
See more:
I have a simple view (Home/Index.cshtml):
  Layout = null;

<!DOCTYPE html>
  <title>Test Log On</title>
  <div id="logon">
  <div id="main">

It is rendering a partial view (_LogOnPartial.cshtml):
@using (Html.BeginForm("LogOn", "Account", FormMethod.Post))
  <!-- ...fields omitted for simplicity... -->
  <input type="submit" value="Log On" />

That partial view is posting back to an action method on a different controller (AccountController.cs):
public class AccountController : Controller
  public ActionResult LogOn()
    // ...login logic omitted for simplicity...
    return Redirect(Request.UrlReferrer.PathAndQuery);

You'll note that it is just returning a redirect. I'm thinking there must be a better way (e.g., return a view), as this loses all the model data (which would be useful to keep if the log on fails). I could pass around the path to the view, but I don't want the client having access to that data (and using session to pass that around seems clunky)... seems like it might expose my website to some vulnerabilities.

What I'm thinking is that there might be a way to determine the default view based on the referrer URL. So if I pass in "/Home/Index" or "/Home" or "/" or "/SomeOtherValidRoute" to a function, it will return the "~/Views/Home/Index.cshtml" view.

Do you know of a function like that, or am I going about this the wrong way? In ASP.NET Web Forms this would just be a simple user control, but I'm having trouble figuring this out in ASP.NET MVC.
AspDotNetDev 13-May-12 7:03am    
I guess you could say I'm after a referrer view. And note that this partial view isn't being used by only one view... it's being used by essentially all views (I simplified my example).
AspDotNetDev 13-May-12 7:07am    
Another possibility I'm considering is using AJAX, but I'm curious if there are other workable solutions.

A semi Partial Answer (1am & I can't go into details :), but I've answered your post in the Lounge and I can help you here).

"You'll note that it is just returning a redirect." That's the first problem, you should only re-direct if the login is a success.

"as this loses all the model data (which would be useful to keep if the log on fails)" If the login fails you should return a view with the "failure" information in (I'm guessing the form you have, with the username filled in (the password blanked and a message "Your login fooed for some reason" type thing). I'm not sure what else you'd want to keep this information for. Without persisting it at the server via session or a proper backing store, you're going to have the same problems that you'd have with ASP.NET: there is no way to send the information safely to the client without encryption (even ViewState can be read). This is *partially* an example of what I was alluding to in The Lounge about ASP.NET forms hiding stuff from you and it not always being a good thing.

What I'm thinking is that there might be a way to determine the default view based on the referrer URL. So if I pass in "/Home/Index" or "/Home" or "/" or "/SomeOtherValidRoute" to a function, it will return the "~/Views/Home/Index.cshtml" view. There is a way to achieve this and you are close to the mark. If you want to see a full solution, I suggest you create a new MVC3 application but select "Internet". It creates a login form for you, secured against (unconfigured) Authentication/Authorisation providers. You can secure it against the providers as you would for ASP.NET. Let's say you've two secured action methods corresponding to /home/index and /foo/bar. It is important to secure these with the Authorize attribute[^] as there may be more than one way to access these methods, the ASP.NET location in web config is not sufficient.

Anyway, having done this, if you try and navigate to /home/index you'll get the login page and the Query string posted back to the server will have /home/index as the target. The default Login action method (similar to the one you have) will then transfer to the target as supplied by the login form in the query string. That way, if navigating to /foo/bar and logging in it will re-direct there instead.

This isn't the only way to skin this problem, but it should get you started.

Let me know if you need any more help, I'll try to remember to see if you've replied in the morning sorry I can't provide code at the moment!
Share this answer
AspDotNetDev 15-May-12 0:08am    
FYI, my comment was too large to reasonably fit here, so I created a thread where we can discuss this (short version: I don't want a URL dedicated to login):
Keith Barrow 15-May-12 8:42am    
I've already answered there a few times, and you replied LOL!
AspDotNetDev 15-May-12 21:25pm    
I don't know what you mean. I posted that message in the ASP.NET forum. You have not replied to that message. We had a conversation in the Lounge, but that was inconclusive.
Have you tried using Html.Action("action", "controller", parameters) (or Html.RenderAction())?
Share this answer
AspDotNetDev 14-May-12 18:16pm    
I assumed that basically chooses the view for me by calling that action, which seems a lot like Html.Partial/RenderPartial. I don't see how it'd allow me to provide a postback which calls the LogOn action method on the AccountController without changing the URL. Though maybe I don't understand it fully. Could you update your answer to show a full example? I will also try to play around with this when I get home from work.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900