It doesn't return a view. In fact, the Action still needs to ret开发者_如何转开发urn a view after calling this ... so what's going on?
If you want to use the FormsAuthentication
system, you'll want to switch to this line (which implicitly uses the returnUrl
parameter).
return Redirect(FormsAuthentication.GetRedirectUrl(model.UserName, true));
You will get the URL that FormsAuthentication.RedirectFromLoginPage
would have used, but you will explicitly bail from the action method with a RedirectResult
instead.
Note
If you go this route, you'll want to put a defaultUrl
parameter in the forms auth web.config line in case someone goes directly to your login page (or they pass in a redirectUrl
that doesn't pass FormsAuthentication's security restrictions). Without overriding the default, bad URLs will be redirected to ~/default.aspx
. In most MVC apps, that will likely 404.
<forms loginUrl="~/Account/LogOn" defaultUrl="~/" timeout="2880">
Alternative
If you spin up a new MVC 3 sample "Internet Application", you will find a LogOn
action method that handles a returnUrl
similar to what FormsAuthentication.RedirectFromLoginPage
does internally.
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
&& !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) {
return Redirect(returnUrl);
}
else {
return RedirectToAction("Index", "Home");
}
It's exactly what it says - a redirect. This is a response code sent to the browser to ask it to request another URL. That's the point at which a view is requested in MVC, or a web page in straight ASP.NET.
精彩评论