Microsoft has recently announce ASP.NET MVC 3.0 Beta. Compared to the ASP.NET MVC 3 Preview 1, this release brings a lot of new features as well as some great enhancements. Scott Guthrie has a nice blog article to introduce the break changes and the new features of this release.
This release relies on the ASP.NET Web Pages Beta to work, which already included in the ASP.NET MVC 3 Beta download page I referred in the preceding paragraph. I think many of you guys may have already tried to upgrade the existing ASP.NET MVC 2 or 3 Preview 1 application to the new Beta release. To understand the full process to upgrade, you have to refer to the Release Notes document, which also included in the MVC download page.
Because ASP.NET MVC 3 Beta based on Web Pages 1.0 Beta, as a default behavior, the Forms Authentication is automatically enabled in ASP.NET Web Page based applications, such as a Razor view engine MVC application or classic ASPX view engine MVC application. Hence, the application created by MVC 3 Beta may have the Forms Authentication enabled by default. This behavior is totally unexpected if your application is only using Windows Authentication, or Basic Authentication with all other authentication modes disabled (including Anonymous and Forms Authentications).
This is a screenshot if your application only enables Basic Authentication, whatever page you visit, you will be redirected to the ~/Account/Login URL.
This might happen if you configure <authentication> section to use Windows Authentication in your web.config file and only allow Basic Authentication (HTTP 401 Challenge) once deploy to IIS.
To repro this in a domain based context, change the <authentication> settings in your web.config to:
<authentication mode="Windows"></authentication>
Then set your IIS to only allow Basic Authentication.
It looks very strange because you didn’t configure any Forms Authentication redirect/login URL to this value anywhere. To check this, do a full search for “Account/Login” in Visual Studio IDE.
The problem seems coming from the ASP.NET MVC, or ASP.NET Web Pages. However, by deeply researching into the ASP.NET MVC source code, I didn’t find any relevant code to set this. But, in System.Web.WebPages namespace, I find out a WebPages.FormsAuthenticationSettings class, which contains a string property AutoFormsAuthenticationKey, indicating the configuration key for automatically enable Forms Authentication.
So it’s now very close to the end to solve this issue. I try to add a new application setting to the web.config with this key and set the value to “false”, then check back again if Forms Authentication is enabled. This time, it says IsEnabled = false. I get it!
<appSettings>
<add key="enableSimpleMembership" value="false" />
<add key="ClientValidationEnabled" value="true"/>
<add key="UnobtrusiveJavaScriptEnabled" value="true"/>
<add key="autoFormsAuthentication" value="false"/>
</appSettings>
This definitely solved the problem. Unfortunately, this workaround doesn’t get documented in any of the official release documentation of this ASP.NET MVC 3 Beta version. Hope this helps the people who has encountered the same problem when they try to upgrade existing application from 2.0 to 3.0 Beta which works in a domain environment.
Subscribe