Beware ~/bin deployment of MVC and Razor with FormsAuthentication
If you’re ~/bin deploying MVC (or more specifically “ASP.NET Web Pages with Razor syntax”) and you’re having a problem with your login URL redirects (with FormsAuthentication or WIF for that matter) then let me help you. Prior to ~/bin deployment your login redirects were working fine. You’d go to some URL and you’d get redirected to your custom login page as configured in web.config, such as this (note the non-standard loginUrl):
<authentication mode="Forms"> <forms loginUrl="~/Account/Auth/Login"/> </authentication>
But now that you’ve ~/bin deployed MVC anytime you are redirected to a login page it’s this URL instead (note the URL is different than the one configured above):
~/Account/Login?ReturnUrl=the-path-you-were-not-authorized-for
Dominick just had this problem earlier today (but since it wasn’t my problem at the time I didn’t help him out… sorry Dom). Coincidentally I ran into the same issue later in the same day (and since it was now my problem I spent the time to look into it) . Anyway, to solve the problem you need to disable something called “simple membership”. To fix go into web.config and add this:
<appSettings> <add key="enableSimpleMembership" value="false"/> </appSettings>
And now you should be all set. If you want to know what the underlying problem is read on.
What’s happening is that when you ~/bin deploy MVC and Razor, the Razor DLLs are auto-registering some pre-App_Start code to run (which I thought was a neat idea, until now). For the curious it’s WebMatrix.WebData.PreApplicationStartCode.SetupFormsAuthentication from WebMatrix.WebData.dll. If this assembly is not ~/bin deployed then this pre-App_Start code doesn’t run. This pre-App_Start code will force Forms authentication to be enabled (with the login URL at the aforementioned path) unless it finds config data telling it otherwise. Here’s the kicker: the absence of any config data is sufficient to enable this feature. You have to explicitly disable it (as described above). This is quite annoying.
Sir Haack, plz fix (or make the VS tooling add this to the .config when you add deployable dependencies).
Edit: The way to avoid all of this is to simply not check “ASP.NET Web Pages with Razor syntax” (even though it’s quite tempting given the name) when ~/bin deploying. Phil did mention this in his post on the topic, but that detail escaped me when I was doing this in VS. Thx for the followup Phil.
Edit 2: Also seems there’s a .config setting to be able to use simple membership but to keep the login page controlled by your app:
<appSettings> <add key="PreserveLoginUrl" value="true" /> </appSettings>
brockallen 
You shouldn’t need that setting unless you include the assemblies with Simple Membership. Did you read my blog post about Adding Deployable Assemblies? http://haacked.com/archive/2011/05/25/bin-deploying-asp-net-mvc-3.aspx
Don’t select “ASP.NET Web Pages with Razor Syntax”. Only select “ASP.NET MVC” and you’ll be fine.
Yes, but that detail escaped me when I went to add the deployable dependencies. So that’s good news, I suppose — avoid the issue by not including “ASP.NET Web Pages with Razor syntax” (despite the name). Thx Phil.
Yes, that product is poorly named. :) It has nothing to do with ASP.NET MVC really.
adding a in the section will also fix the problems. SimpleMembership is getting its value from the wrong place.
Not sure what you mean, Matthew.
Just did exactly the same thing; checked both boxes to add deployable references, then started getting mysterious login errors. This post really helped me out, thanks.
You just saved my day! Thanks a ton for the tip :)
Mentioned you in my post at http://musingsandshouts.blogspot.com/2012/11/windows8-and-mvc3-you-must-call.html