MVC Redirect after login

I have an AccountController where users can login, and an area named Admin where users have to been autorized to see. When users log in with correct username and pw, it redirects to the same page again ( ../Account/Login?ReturnUrl=%2FAdmin )


public class AccountController : Controller
        public ActionResult Login()
            return View();
        public ActionResult Login(LoginModel model, string returnUrl)
            if (ModelState.IsValid)
                if (model.Username == "User" && model.Password == "Pa$$W0rd")
                    FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);
                    if (!string.IsNullOrWhiteSpace(returnUrl))
                        return Redirect(returnUrl);
                    return RedirectToAction("Index", "Admin", new { area = "Admin"});
                ModelState.AddModelError("", "Brukernavn og/eller passord er feil");
            return View();

AdminController in area Admin

public class AdminController : HimmelhoytControllerBase
        public ActionResult Index()
            return View();

View Login

@model Himmelhoyt.Models.AccountModels.LoginModel
    ViewBag.Title = "Logg inn";
    @using (Html.BeginForm("Login", "Account", FormMethod.Post, new { @class = "form-signin" }))
        < text>

            @Html.LabelFor(m => m.Username, new { @class = "sr-only" }) @Html.EditorFor(m => m.Username, new { htmlAttributes = new { @class = "form-control", placeholder = "Brukernavn", autofocus = "autofocus" } })
            @Html.ValidationMessageFor(m => m.Username, "", new { @class = "bg-danger validationMessage" })

            @Html.LabelFor(m => m.Password, new { @class = "sr-only" }) @Html.EditorFor(m => m.Password, new { htmlAttributes = new { @class = "form-control", placeholder = "Passord", type = "password" } })
            @Html.ValidationMessageFor(m => m.Password, "", new { @class = "bg-danger validationMessage" })
            @Html.EditorFor(x => x.RememberMe@*, new { htmlAttributes = new { @class = "checkbox" } }*@) @Html.LabelFor(m => m.RememberMe)
            @Html.ValidationMessageFor(m => m.RememberMe)
            <br />
            @Html.Submit("Logg på", new { @class = "btn btn-lg btn-primary btn-block" })


In the Account-controller, return RedirectToAction("Index", "Admin", new { area = "Admin" }); is executed, but as I said, it only redirects to the same page.

EDITED Web.config

    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\aspnet-Himmelhoyt-20140831071527.mdf;Initial Catalog=aspnet-Himmelhoyt-20140831071527;Integrated Security=True" providerName="System.Data.SqlClient" />
    <add name="HimmelhoytDb" connectionString="data source=(localdb)\v11.0;initial catalog=Himmelhoyt;integrated security=True;MultipleActiveResultSets=True;App=EntityFramework" providerName="System.Data.SqlClient" />
    <add key="webpages:Version" value="" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <!--<authentication mode="None" />-->
    <authentication mode="Forms">
      <forms loginUrl="/Account/Login" />
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
      <remove name="FormsAuthentication" />
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="" newVersion="" />
        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="" newVersion="" />
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="" newVersion="1.6.5135.21930" />
        <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" />
        <bindingRedirect oldVersion="" newVersion="" />
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="" newVersion="" />
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="" newVersion="" />
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="" newVersion="" />
        <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="" newVersion="" />
        <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="" newVersion="" />
        <assemblyIdentity name="Microsoft.Owin.Security.Cookies" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="" newVersion="" />
        <assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="" newVersion="" />

Try to remove the following lines from your Web.config

  <remove name="FormsAuthentication" />

Try this:

move this method from the Account controller to the Admin controller:

    public ActionResult Login(LoginModel model, string returnUrl)
        if (ModelState.IsValid)
            if (model.Username == "User" && model.Password == "Pa$$W0rd")
                FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);
                if (!string.IsNullOrWhiteSpace(returnUrl))
                    return Redirect(returnUrl);
                return RedirectToAction("Index", "Admin", new { area = "Admin"});
            ModelState.AddModelError("", "Brukernavn og/eller passord er feil");
        return View();

And change the controller call in your View from:

@using (Html.BeginForm("Login", "Account", FormMethod.Post, new { @class = "form-signin" }))


@using (Html.BeginForm("Login", "Admin", FormMethod.Post, new { @class = "form-signin" }))

Then change a line in the method you moved to the Admin Controller, from:

return View();


return Redirect("Index");

See if it works and suits your needs

If I am correct, I can see that you set SetAuthCookie if the user provide correct credentials but you haven't sign in yet. because of that you always redirected to the login page.

I think you have to sign in in order to see the admin section. Use your sing in methods to sign in.

    public ActionResult Login(LoginModel model, string returnUrl)
        if (ModelState.IsValid)
            if (model.Username == "User" && model.Password == "Pa$$W0rd")
                FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);

                //Sign in code should go here.

                if (!string.IsNullOrWhiteSpace(returnUrl))
                    return Redirect(returnUrl);
                return RedirectToAction("Index", "Admin", new { area = "Admin"});
            ModelState.AddModelError("", "Brukernavn og/eller passord er feil");
        return View();

What is the authentication method you used in your application? Is it Asp.net Identity framework?

Hope this helps.

I do not know if this is okay but for your problem I did as follows:

case SignInStatus.Success:
return RedirectToAction("RedirectLogin", new {ReturnUrl = returnUrl});

public ActionResult RedirectLogin(string returnUrl)
   return User.IsInRole("Reader") ? RedirectToAction("Index", "Employees") : RedirectToLocal(returnUrl);

And if you do not want it to be "Home" or "Index" as default, change this:

private ActionResult RedirectToLocal(string returnUrl)
  if (Url.IsLocalUrl(returnUrl))
     return Redirect(returnUrl);
     return RedirectToAction("Dashboard", "User");

Everything in your AccountController, hope it helps.

public static string securityIsnuul(string id)
    agancyEntities db = new agancyEntities();

    if (id == null)
      //// redirect to url??????

Your this line of code return RedirectToAction("Index", "Admin", new { area = "Admin"});

might be throwing exception. Try

  1. putting a try catch and see what is the exception.
  2. You are passing value , but your index method in Admin does not take any param. Check this.

