1

My application (MVC4/C#) uses the SimpleMembershipProvider and generally works fine. However, I have a problem that I cannot resolve after spending many hours researching and testing.

If I leave my application for a period of time (say 30 minutes) then select a menu item, the page renders (sidebar/header/footer), but the @RenderBody section redirects to the ~/Account/Login action.

If I then ignore the login and click on any controller action link (from the menu) then it loads as expected. It appears that the razor layout view correctly thinks I am authenticated, but the controller doesn't think I am authorized. I have a base class for most of my controllers that I inherit from that has the [Authorize] attribute.

If I logout, only the RenderBody section renders as expected, for ~/Account/Login action.

From web.config 

<system.web>
  <roleManager enabled="true" />
  <authentication mode="Forms">
    <forms loginUrl="~/Account/Login" timeout="2880" />
  </authentication>

Base controller

[Authorize]
public abstract class AuthorizeBaseController : Controller
{
}

Controllers 

public class SiteController : AuthorizeBaseController 
{
    private SiteContext db = new SiteContext();

    public ActionResult Index()
    {
        return View(db.Sites.ToList());
    }

        :

_Layout.cshtml

:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>@ViewBag.Title</title>
<link href="~/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<meta name="viewport" content="width=device-width" />
@Styles.Render("~/Content/css")
@Scripts.Render("~/bundles/modernizr")
@Styles.Render("~/Content/menubar.css")
</head>
<body>
@if (Request.IsAuthenticated)
{
    <div id="header">
        :
    </div>
    <div id="sidebar">
        :
    </div> <!-- sidebar -->
}

<div id="body">
    @RenderBody()
</div>

@if (Request.IsAuthenticated)
{
    <footer>
        :
    </footer>
}
@Scripts.Render("~/bundles/jquery")
@RenderSection("scripts", required: false)
</body>
</html>
tr3v
  • 431
  • 1
  • 9
  • 19
  • Looks like it is related to [this question](http://stackoverflow.com/questions/12257232/role-based-authentication-in-the-new-mvc-4-internet-template-using-simplemembers) – tr3v Oct 18 '13 at 00:54

2 Answers2

0

It is because 

[Authorize]

AuthorizeAttribute is MVC in built Attribute . make your own customize Attribute . You can have result as expect you .

Right now you can remove this Authorize Attribute from your every Controller and Action then your problem will solved .

Dilip Langhanoja
  • 4,455
  • 4
  • 28
  • 37
  • Can you explain this further please? I have used this attribute in previous projects, but not with SimpleMembership. I cannot remove it as I have roles defined and need [Authorize(roles="Admin")] for some actions. – tr3v Oct 17 '13 at 18:46
  • I tried removing [Authorize] from controllers as you suggested but that effectively removed security and let any unauthenticated user in. I think my issue has something to do with caching and/or session management because the user is recognized as authenticated but the associated user information is unavailable until the page is refreshed. – tr3v Oct 17 '13 at 20:55
  • For Access Management you can create your own Attribute as describe here http://stackoverflow.com/a/13284548/2318354 as well you can check that Session is alive or not . So you will get perfect Result. – Dilip Langhanoja Oct 18 '13 at 05:25
0

The problem was caused by the SimpleMembershipProvider. In short, sometimes my Authorise filter was being called before InitializeSimpleMembershipAttribute().

I got my solution from this post which refers to a more detailed explanation on Scott Allen's blog

Community
  • 1
  • 1
tr3v
  • 431
  • 1
  • 9
  • 19