Beware ~/bin deployment of MVC and Razor with FormsAuthentication
If you’re ~/bin deploying MVC (or more specifically “ASP.NET Web Pages with Razor syntax”) and you’re having a problem with your login URL redirects (with FormsAuthentication or WIF for that matter) then let me help you. Prior to ~/bin deployment your login redirects were working fine. You’d go to some URL and you’d get redirected to your custom login page as configured in web.config, such as this (note the non-standard loginUrl):
<authentication mode="Forms"> <forms loginUrl="~/Account/Auth/Login"/> </authentication>
But now that you’ve ~/bin deployed MVC anytime you are redirected to a login page it’s this URL instead (note the URL is different than the one configured above):
Dominick just had this problem earlier today (but since it wasn’t my problem at the time I didn’t help him out… sorry Dom). Coincidentally I ran into the same issue later in the same day (and since it was now my problem I spent the time to look into it) . Anyway, to solve the problem you need to disable something called “simple membership”. To fix go into web.config and add this:
<appSettings> <add key="enableSimpleMembership" value="false"/> </appSettings>
And now you should be all set. If you want to know what the underlying problem is read on.
What’s happening is that when you ~/bin deploy MVC and Razor, the Razor DLLs are auto-registering some pre-App_Start code to run (which I thought was a neat idea, until now). For the curious it’s WebMatrix.WebData.PreApplicationStartCode.SetupFormsAuthentication from WebMatrix.WebData.dll. If this assembly is not ~/bin deployed then this pre-App_Start code doesn’t run. This pre-App_Start code will force Forms authentication to be enabled (with the login URL at the aforementioned path) unless it finds config data telling it otherwise. Here’s the kicker: the absence of any config data is sufficient to enable this feature. You have to explicitly disable it (as described above). This is quite annoying.
Sir Haack, plz fix (or make the VS tooling add this to the .config when you add deployable dependencies).
Edit: The way to avoid all of this is to simply not check “ASP.NET Web Pages with Razor syntax” (even though it’s quite tempting given the name) when ~/bin deploying. Phil did mention this in his post on the topic, but that detail escaped me when I was doing this in VS. Thx for the followup Phil.
Edit 2: Also seems there’s a .config setting to be able to use simple membership but to keep the login page controlled by your app:
<appSettings> <add key="PreserveLoginUrl" value="true" /> </appSettings>