Asp MVC URL doesn't redirect to index after successful authentication

Question

In my ASP MVC web application, when I try to authenticate using email and password to log in. The URL redirect doesn't allow me to pass to the main page after successful authentication.

    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl) && returnUrl.Contains(nameof(windowsLogOff)))
        {
            return RedirectToAction(nameof(Login));
        }

        if (User.Identity.IsAuthenticated)
        {
            return RedirectToAction(nameof(windowsLogOff), new { returnUrl = returnUrl });
        }

        if (OwinAuthentication.AuthenticationTypes._ActiveAuthenticationsList.Count == 1 && Portal.Commons.Models.Configuration.ByPassAuthentication)
        {
            return RedirectToAction(nameof(ExternalLoginRedirect), new { returnUrl = returnUrl, provider = OwinAuthentication.AuthenticationTypes._ActiveAuthenticationsList[0].AuthenticationTypeDefault });
        }

        return View();
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    [AllowAnonymous]
    public ActionResult Login(LoginViewModel model)
    {
        if (ModelState.IsValid)
        {
            using (var db = new appDbContext())
            {
                var encodedPWD = Sha256(model.Password);
                var obj = db.Users.Where(a => a.Email.Equals(model.Email) && a.PasswordHash.Equals(encodedPWD)).FirstOrDefault();
                if (obj != null)
                {
                    Session["id"] = obj.Id.ToString();
                    Session["name"] = obj.name.ToString();
                    Session["email"] = obj.Email.ToString();

                    return RedirectToAction("Manager", "home");
                }

                ModelState.AddModelError("", "Email or Password is invalid!.");
            }
        }
        return View(model);
    }  

and my routeConfig code:

   public class RouteConfig
{
    public static void RegisterRoutes(RouteCollection routes)
    {
        routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

        routes.MapRoute(
            name: "DefaultEn",
            url: "en/{controller}/{action}/{id}",
            defaults: new { language = "en", controller = "data", action = "index", id = UrlParameter.Optional },
            constraints: new { controller = "data" },
            namespaces: new[] { "Portal.Controllers" }
        );

        routes.MapRoute(
            name: "Default",
            url: "{controller}/{action}/{id}",
            defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
        );
    }
}

When I enter on login page the URL on localhost is something like this: http://localhost:3535/account/login?ReturnUrl=%2F

When I fill the login form with the correct credentials I got this: http://localhost:3535/account/login?ReturnUrl=%2Fhome%2FManager

Instead of: http://localhost:3535/account/Manager

About OwinAuthentication , using external login to authenticate such as Google and Microsoft, both works without any issue, I only got a problem on manual login.

Answer 1

I have found that the solution to solve this issue is creating a Custom Authentication and Authorization for my custom local login.

My custom login only updates session and redirects to account/index, which probably requires authentication, thus the redirect to the authentication url.