How does FormsAuthentication.RedirectFromLoginPage() work?

It doesn't return a view. In fact, the Action still needs to ret开发者_如何转开发urn a view after calling this ... so what's going on?

If you want to use the FormsAuthentication system, you'll want to switch to this line (which implicitly uses the returnUrl parameter).

return Redirect(FormsAuthentication.GetRedirectUrl(model.UserName, true));

You will get the URL that FormsAuthentication.RedirectFromLoginPage would have used, but you will explicitly bail from the action method with a RedirectResult instead.

Note

If you go this route, you'll want to put a defaultUrl parameter in the forms auth web.config line in case someone goes directly to your login page (or they pass in a redirectUrl that doesn't pass FormsAuthentication's security restrictions). Without overriding the default, bad URLs will be redirected to ~/default.aspx. In most MVC apps, that will likely 404.

<forms loginUrl="~/Account/LogOn" defaultUrl="~/" timeout="2880">

Alternative

If you spin up a new MVC 3 sample "Internet Application", you will find a LogOn action method that handles a returnUrl similar to what FormsAuthentication.RedirectFromLoginPage does internally.

if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
    && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) {
    return Redirect(returnUrl);
}
else {
    return RedirectToAction("Index", "Home");
}

It's exactly what it says - a redirect. This is a response code sent to the browser to ask it to request another URL. That's the point at which a view is requested in MVC, or a web page in straight ASP.NET.