ASP.NET MVC POST incorrectly returning HTTP 302

Question

I've looked all over and can't find an answer to this. I have a simple test controller in ASP.NET MVC4 set up as follows:

public class TestController {
    [HttpGet]
    public ActionResult Index() {
        MyModel model = new MyModel();
        model.Debug += "GET Method";
        return View(model);
    }

    [HttpPost]
    public ActionResult Post(MyModel model) {
        model.Debug += "POST Method";
        return View("Index", model);
    }
}

The Index view just has a form and a button that POSTs to /Test/Post which should just return HTTP 200 with the Index view. That works as expected on my laptop and on my server. But on the hosting provider I get the following when I perform the POST:

POST /Test/Post returns HTTP 302 Redirect to /Test/Post (What the heck?)
GET /Test/Post returns HTTP 404

How could this possibly happen? Any ideas for troubleshooting this problem?

The only difference that I know of between the environments is that I have .NET 4.5 installed and they have .NET 4.0 installed (and won't install 4.5 for some reason.) The projects target .NET 4 though, so don't think it would matter? Originally I had them targeting 4.5, but changed it after I learned that it isn't installed on the server.

Searching for ASP.NET POSTs returning 302 brings up a lot of questions about redirecting due to logins. But this controller isn't under any sort of restricted folder or [Authorize] attribute.

---

Update - web.config's

I've tried it with and without <authorization> , same results either way. Here is the system.web, in case this will help:

  <system.web>
    <customErrors mode="Off"/>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.Helpers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.Mvc, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.WebPages, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </assemblies>
    </compilation>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="30"/>
    </authentication>
    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="Database" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
      </providers>
    </membership>
    <pages controlRenderingCompatibilityVersion="4.0">
      <namespaces>
        <add namespace="System.Web.Helpers"/>
        <add namespace="System.Web.Mvc"/>
        <add namespace="System.Web.Mvc.Ajax"/>
        <add namespace="System.Web.Mvc.Html"/>
        <add namespace="System.Web.Routing"/>
        <add namespace="System.Web.WebPages"/>
        <add namespace="Microsoft.Web.Mvc"/>
        <add namespace="Tenido.Domain"/>
        <add namespace="Tenido.Web.Mvc.Controllers"/>
      </namespaces>
    </pages>
    <httpModules>
      <add name="ImageResizingModule" type="ImageResizer.InterceptModule"/>
    </httpModules>
  </system.web>

Answer 1

After much back and forth, the hosting provider brought it to my attention that they don't support ASP.NET MVC 4, only up to 3. I'm not sure how or why they don't support the newer version, but that seems to be the root of the problem.

Needless to say, I moved to a host that supports the recent frameworks. Now the site works perfectly.

Answer 2

Use AllowAnonymous attribute in your controller Method

[AllowAnonymous]
[HttpGet]
public ActionResult Index() {
    MyModel model = new MyModel();
    model.Debug += "GET Method";
    return View(model);
}

Hope it helps

Answer 3

I had similliar problem.

What helped me was removing <authorization> tag from web.config.

It is not necessary for [Authorize] attributes and changed 302 to 404 code.

Answer 4

I had similar problem. After removing Authorization tag from web.config, it worked for me. Not sure about the reason.

Answer 5

For me, we had error redirect configured for custom errors via web.config

<system.web> 
...  

 <customErrors mode="On" defaultRedirect="~/error/errorpage">
...

</customErrors>

It was doing a 302 after an internal error. Setting customErrors mode="Off" bubbled the error up all the way to the browser.

Answer 6

If using cookie based authentication make sure the cookie being returned for .AspNet.ApplicationCookie (or whatever the name is) matches the domain of the site you're on

What sometimes happens to me is the cookie domain is incorrect for the site I'm on (due to my aging clumsy multi-hosted environment) - and then despite being issued a new auth cookie the browser can't send it back during the redirect (because it's a different domain) so it then redirects back to the auth page.