Search code examples
asp.netmodel-view-controllerauthenticationreturnurl MVC ReturnUrl value always null

OK I'v researched and tried every single suggestion (individually of course) before posting this and I hit a wall every time

This is my log in view I used ViewBag to pass the ReturnUrl value as I've seen in many answers to this problem

@using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { role = "form" }))


And this is the login action result

public ActionResult Login(UserLogin login, string returnUrl="")
    string message = "";
    using (NerdsContext nc = new NerdsContext())
        var v = nc.User.Where(a => ==;
        if (v != null)
            if (!v.IsEmailVerified)
                ViewBag.Message = "Please verify your email first";
                return View();
            if (string.Compare(Crypto.Hash(login.password), v.password) == 0)
                int timeout = login.rememberMe ? 525600 : 20; // 525600 min = 1 year
                var ticket = new FormsAuthenticationTicket(, login.rememberMe, timeout);
                string encrypted = FormsAuthentication.Encrypt(ticket);
                var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
                cookie.Expires = DateTime.Now.AddMinutes(timeout);
                cookie.HttpOnly = true;

                //Redirect the user to new url
                if (Url.IsLocalUrl(returnUrl))
                    ViewBag.ReturnUrl = returnUrl;
                    return Redirect(returnUrl);

                    return RedirectToAction("Nerd", "Home");
                message = "Invalid credential provided";
            message = "Invalid credential provided";
    ViewBag.Message = message;
    return View();

And finally this is the lines I added in web.config file

 <authentication mode="Forms">
      <forms cookieless="UseCookies"  loginUrl="/Account/Login"  timeout="30" slidingExpiration="true" protection="All"></forms>

And when I run this I never get to actually login it always send me back to the login page and the value of the returnUrl is always null So what is going on here????


  • OK after much search I found my answer here [Request.IsAuthenticated is always false ]

    I had to add these line in my web.config's modules inside system.WebServer

    <remove name="FormsAuthentication" />
          <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />