As per Subject I am trying to change an existing asp.net mvc web app to use forms authentication instead of windows. So far I have done the following:
- Modified authentication mode in web.config
- Added Authorize tag to all controllers (except Account)
- Created new controller for Login View, the view, model, etc.
web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
Login Post:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(Login model, string ReturnUrl = "")
{
// code to check user omitted
if(user != null)
{
FormsAuthentication.SetAuthCookie(model.Username, false);
if (Url.IsLocalUrl(ReturnUrl))
{
return Redirect(ReturnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
ModelState.AddModelError("", "Username and/or Password is incorrect.");
ModelState.Remove("Password");
return View();
}
When debugging, the login screen is produced by default and not Home/Index. If I test the different usernames/passwords everything is working correctly so no issues with the controller/methods here.
However on Home/Index I put the following for testing:
@if(Request.IsAuthenticated)
{
<p>Logged in @ViewBag.ClientName</p>
}
else
{
<p>Logged off</p>
}
The ViewBag.ClientName is just set from User.Identity.Name. When I login normally the ClientName shows my pc name/local user and not the forms user I logged in with. I can also browse directly to Index/Home and ignore the login to get the same result.
Clearly Windows authentication is still applying here and I have tried closing IIS Express, changing the URL it debugs at etc in case its some form of IIS setting or similar still being set on my local machine but I can't stop this from happening.
Any ideas?
