1

I have created an mvc template application with role based authorization. When a user clicks on an action method meant for him(say About), he is redirected to the About view. But problem occurs when he clicks to another page(ex-home page) then comes again to About. This time he is redirected to login instead of the About page. What could be the possible reason/fix? Tried to clear cookies, history etc. Any help is appreciated

[RequireHttps]
public class HomeController : Controller
{

public ActionResult Index()
    {
        return View();
    }

[Authorize(Roles ="ADMIN")]

public ActionResult About()
{
    ViewBag.Message = "Your application description page.";
    return View();
}

[Authorize(Roles ="ANOTHER")]
    public ActionResult Contact()
    {
        ViewBag.Message = "Your contact page.";

        return View();
    }
}

This is the about.cshtml

@{
ViewBag.Title = "About";
}
<h2>@ViewBag.Title.</h2>
<h3>@ViewBag.Message</h3>

<p>Use this area to provide additional information.</p>

This is Contact.cshtml

@{
    ViewBag.Title = "Contact";
}
<h2>@ViewBag.Title.</h2>
<h3>@ViewBag.Message</h3>

<address>
    One Microsoft Way<br />
    Redmond, WA 98052-6399<br />
    <abbr title="Phone">P:</abbr>
    425.555.0100
</address>

<address>
    <strong>Support:</strong>   <a href="mailto:Support@example.com">Support@example.com</a><br />
    <strong>Marketing:</strong>     <a href="mailto:Marketing@example.com">Marketing@example.com</a>
</address>
It's a trap
  • 1,333
  • 17
  • 39
  • 1
    Please include `controller attributes` and `ActionResults`. – Stefan Jan 30 '16 at 17:35
  • 1
    Please, show your code – romanoza Jan 30 '16 at 17:38
  • @Stefan Added the code – It's a trap Jan 30 '16 at 17:50
  • Hmm, this seems okay. Can you post the cshtml with the links as well? – Stefan Jan 30 '16 at 17:52
  • @Stefan Added the veiws. – It's a trap Jan 30 '16 at 18:00
  • @romanoza added the code – It's a trap Jan 30 '16 at 18:01
  • What [framework](http://www.asp.net/mvc/overview/security) are you using for authentication (Identity, Membership, Custom, etc)? It sounds like either your roles are not being loaded for each request, or your roles are being stored in cookies and the browser does not have cookies enabled. But without knowing where your roles are derived from, I can only guess. – NightOwl888 Jan 30 '16 at 18:14
  • @NightOwl888 i inserted the data into Roles and UserRoles myself by using insert queries. And i have checked that cookies are enabled in my browser. And i am using identity 2.0 – It's a trap Jan 30 '16 at 18:26
  • Are you certain that the user you are testing it with is in that particular Role? because being redirected to login is the default redirect for the Authorize Attribute when the User is not logged in – Toxicable Jan 30 '16 at 22:08
  • @Toxicable i am certain about that. Coz once he is redirected to correct view. When he comes for second time, then only problem occurs. And i have inserted roles and userRoles myself by TSQL statements. Does that brings a problem?? – It's a trap Jan 31 '16 at 04:33

0 Answers0