MVC 4 Redirect failing with Authorize Attribute, AllowAnonymous

Question

I'm adding email verification to an MVC4 website that uses the WebSecurity membership stuff.

If a user registers, we send them an email with a link. If they try to login prior to confirming their registration, WebSecurity.Login() fails. Okay, that's reasonable.

What I need the site to do is recognize that it is awaiting them to complete confirmation and notify them. So I have code like:

if (ModelState.IsValid && !WebSecurity.IsConfirmed(model.UserName))
{
    // Inform the user
    return RedirectToAction("ConfEmailSent");
}

The controller is marked with the [Authorize] attribute and the action itself is marked with [AllowAnonymous].

The Redirect fails, but if I manually change the URL in the browser, it works just fine.

Is this an MVC4 bug or am I missing something here?

if I manually change the URL in the browser, it works just fine. Could you elaborate more? — Win
And what do you mean by The Redirect fails? What does the user see? — Cloud SME
I'm not sure what to add to the first comment. I thought it was self-explanatory. I modify the URL in the browser's address bar and it brings up the page just fine. — jrichview

jrichview jrichview · Accepted Answer · 2017-03-28T15:13:12

Mystery solved. Really embarrassing oversight: I omitted the return statement and just called RedirectToAction() in a couple of places. Duh me.

MVC 4 Redirect failing with Authorize Attribute, AllowAnonymous

1 Answers