4

I have a simple form that posts to an HttpPost action method, which returns its corresponding view. My issue is that I'm getting a 404 Not Found error. Oddly enough, if I change the form method and the attribute on the action method to a GET, then it works and the TestMethod view is displayed.

It seems I'm missing something for using POST, but my posts in other controllers work fine (e.g. account login and registration). Note the AllowAnonymous attribute is a custom attribute to be able to specify the controllers or actions that allow anonymous access, as opposed to specifying (via the Authorize attr) the controllers or actions that require authorization. I guess nothing is impossible, but I don't think that has anything to do with my issue. Any thoughts on what is wrong?

FORM:

@using (Html.BeginForm("TestMethod", "Test", FormMethod.Post, new { @id = "testForm" })) {
    <fieldset>
        <legend>Test Form</legend>
        <input type="submit" value="Submit" />
    </fieldset>
}

CONTROLLER ACTION:

[AllowAnonymous]
[HttpPost]
public ActionResult TestMethod() {
    return View();
}

VIEW:

<h2>TestMethod</h2>
<p>HttpPost method was successful.</p>

REGISTER ROUTES METHOD FROM Global.asax.cs:

public static void RegisterRoutes(RouteCollection routes) {
        routes.IgnoreRoute("favicon.ico");
        routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

        // About
        routes.MapRoute(
            "About", // Route name
            "about", // URL with parameters
            new { controller = "Home", action = "About" } // Parameter defaults
        );

        // Faq
        routes.MapRoute(
            "Faq", // Route name
            "faq", // URL with parameters
            new { controller = "Home", action = "Faq" } // Parameter defaults
        );

        // Glossary
        routes.MapRoute(
            "Glossary", // Route name
            "glossary", // URL with parameters
            new { controller = "Home", action = "Glossary" } // Parameter defaults
        );

        // Register
        routes.MapRoute(
            "Register", // Route name
            "register", // URL with parameters
            new { controller = "Account", action = "Register" } // Parameter defaults
        );

        // LogIn
        routes.MapRoute(
            "LogIn", // Route name
            "login/{id}", // URL with parameters
            new { controller = "Account", action = "LogOn", id = UrlParameter.Optional } // Parameter defaults
        );
        routes.MapRoute(
            "LogOn", // Route name
            "logon/{id}", // URL with parameters
            new { controller = "Account", action = "LogOn", id = UrlParameter.Optional } // Parameter defaults
        );

        // Default
        routes.MapRoute(
            "Default", // Route name
            "{controller}/{action}/{id}", // URL with parameters
            new { controller = "Home", action = "Index", id = UrlParameter.Optional } // Parameter defaults
        );

}

AUTHORIZE ATTRIBUTE CODE:

// AllowAnonymousAttribute class
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public sealed class AllowAnonymousAttribute : Attribute { }

// GlobalAuthorize class
public sealed class GlobalAuthorize : AuthorizeAttribute {
    public override void OnAuthorization(AuthorizationContext filterContext) {
        bool skipAuthorization = 
            filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) || 
            filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);

        if (!skipAuthorization) base.OnAuthorization(filterContext);
    }
}

// RedirectAuthorizeAttribute class
public class RedirectAuthorizeAttribute : AuthorizeAttribute {
    public string RedirectUrl { get; set; }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
        filterContext.Result = new RedirectResult(RedirectUrl);
    }
}

GLOBAL FILTERS:

public static void RegisterGlobalFilters(GlobalFilterCollection filters) {
    filters.Add(new RequireHttpsAttribute());
    filters.Add(new GlobalAuthorize());
    filters.Add(new HandleErrorAttribute());
}

ROUTE REWRITING RULES:

<rewrite>
  <rules>
    <!-- Block all requests made to a website that do not have the host header set. -->
    <rule name="Fail bad requests" stopProcessing="true">
      <match url=".*" />
      <conditions>
        <add input="{HTTP_HOST}" pattern="localhost" negate="true" />
      </conditions>
      <action type="AbortRequest" />
    </rule>
    <!-- Remove trailing slash from all incoming requests. -->
    <rule name="Remove trailing slash" stopProcessing="false">
      <match url="(.*)/$" />
      <conditions>
        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
      </conditions>
      <action type="Redirect" redirectType="Permanent" url="{R:1}" />
    </rule>
    <!-- Convert all requests to all lowercase. -->
    <rule name="Convert to lowercase" stopProcessing="false">
      <match url=".*[A-Z].*" ignoreCase="false" />
      <action type="Redirect" url="{ToLower:{R:0}}" redirectType="Permanent" />
    </rule>
    <!-- Any URL with (HTTPS == OFF) and (HTTP_HOST with colon) -> use for development testing. -->
    <rule name="Development redirect to HTTPS" enabled="true" stopProcessing="true">
      <match url=".*" ignoreCase="true" />
      <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
        <add input="{HTTPS}" pattern="^OFF$" />
        <add input="{HTTP_HOST}" pattern="([^/:]*?):[^/]*?" />
      </conditions>
      <action type="Redirect" url="https://{C:1}:44300{URL}" />
    </rule>
    <!-- Redirect any HTTP request to HTTPS. -->
    <rule name="Redirect to HTTPS" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="^OFF$" ignoreCase="true" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>
neizan
  • 2,291
  • 2
  • 37
  • 52
  • 3
    Show the relevant routing table entries..Also, did you try to remove the `AllowAnonymous` attribute? – twoflower Aug 20 '12 at 08:40
  • @twoflower, I've added the only relevant routing table entry. If I remove the `AllowAnonymous` attr, I'm redirected to the login page (as is the desired behavior). – neizan Aug 20 '12 at 08:49
  • Can you post of the code of the `AllowAnonymous` attribute? – nemesv Aug 20 '12 at 08:51
  • @nemesv, added code for `AllowAnonymous` attr, as well as the global fileters. – neizan Aug 20 '12 at 09:02
  • @neizan, please show your routing configuration. – Darin Dimitrov Aug 20 '12 at 09:33
  • @DarinDimitrov, what do you mean by "routing configuration"? Do you mean the entire `RegisterRoutes` method, or route rewriting rules? I've posted the route rewriting rules in `Web.config` in case it's any help. I'll post more if I've misunderstood, just clarify. Thanks. – neizan Aug 20 '12 at 09:55
  • So you have route rewrites? Wow that's new. I wonder why this information wasn't mentioned in your initial question. Also please post your full routing configuration in Global.asax – Darin Dimitrov Aug 20 '12 at 09:58
  • @DarinDimitrov, yes, route rewrites...you're right, should've posted originally, but just forgot about them, sorry. I've updated the info with the full `RegisterRoutes` method from Global.asax.cs. It replaced the previous section of "Pertinent Routes", so it's sort of in the middle of my post. – neizan Aug 20 '12 at 10:11
  • Until @DarinDimitrov posted his comment, I had forgotten all about the rewrite rules in my app. For the last three hours I've been looking into this more, and I do think the problem is with the rewrite rules. Although I can't pinpoint the issue, it appears that the `POST` request is getting changed to a `GET` request somewhere along the way. Has anyone ever had a similar issue? Does anyone know how to fix it? If I keep `FormMethod.Post` on the form and just update the controller action to `HttpGet` it works, which I think is due to the `POST` being changed to a `GET`. HELP! Thanks! – neizan Aug 20 '12 at 13:24

2 Answers2

5

I think I finally found the culprit. First of all, I'll concede that, knowing now what the issue was, the title of this question isn't very accurate. The problem mostly dealt with a rule rewrite in Web.config. Until responding to others' comments for this question, I had completely forgotten about the rule rewrites, which is why I hadn't checked them out further to begin with.

Anyway, the issue was a rule that rewrote URLs to all lowercase. I knew my account registration and login forms were working fine, so I checked them out and noticed that their Html.BeginForm statements were parameterless, which, evidently results in a lowercase url being generated. I tried parameterless POST request for my test method, and it worked. Then, I tried using parameters for action and controller in the Html.BeginForm statement, but this time I entered them as lowercase strings: Html.BeginForm("testmethod", "test"...). Sure enough, it, too, worked just fine, and the page source showed the form action as lowercase.

To fix my problem, I just had to set a condition to not match POST requests: <add input="{REQUEST_METHOD}" matchType="Pattern" pattern="POST" negate="true" />. Note that the issue was not the lowercase rule specifically, but rather that the POST request was being redirected. I found one blog that discusses the issue of POST redirects being converted to GETs and resulting in errors, which is exaclty what I was experiencing. It's a couple years old, but apparently it's still pertinent info.

At any rate, I'm now back up and running. Thanks to all who threw in their two cents.

P.S. As I'm closing browser tabs and concluding my search, I figured I'd link to this SO question, as it is definitely related to my issue.

Community
  • 1
  • 1
neizan
  • 2,291
  • 2
  • 37
  • 52
0

I tested your code just now. I initially got redirected for not using HTTPS so I disabled this attribute, but after that your code worked.

Here's my logical deducting...

  • If HTTPS was the problem, you wouldn't be getting a 404.
  • If you weren't logged in, you would be redirected to the login page.

The only thing I can think of is that your controller is either not named "TestController" or that your controller is in an area and you forget to supply this area with the BeginForm. Is it one of these by any chance?

J.P.
  • 5,567
  • 3
  • 25
  • 39
  • The controller is definitely named "TestController". Regarding the area part, I'm not totally sure. I've not used areas, though I've seen many questions discussing areas with similar problems. Since I've not intentionally used an area, I'm assuming that isn't it. Is it possible that I'm using an area without having specifically written code for it? Maybe I need to read more about areas to see what they're all about, but again, if I change things to `GET` request, then it works. It's just the `POST` giving me issues. – neizan Aug 20 '12 at 09:44
  • @JPtenBerge, I took a quick look at areas. I'm not using areas in my project, so I don't think that's it. Thanks, anyway, for the suggestions. – neizan Aug 20 '12 at 10:02
  • Probably not. You can check by simply looking at your project structure and see if a folder "Areas" is present directly under the root. If not, you're most likely not using areas. The route rewriting rules would be my prime suspect at this point. – J.P. Aug 20 '12 at 10:05