ASP.NET MVC POST incorrectly returning HTTP 302

Asked 3/12, 2013 at 4:58 Answered 2/7, 2019 at 18:10

Solved c#asp.net-mvc-4 http-post http-status-code-302

I've looked all over and can't find an answer to this. I have a simple test controller in ASP.NET MVC4 set up as follows:

public class TestController {
    [HttpGet]
    public ActionResult Index() {
        MyModel model = new MyModel();
        model.Debug += "GET Method";
        return View(model);
    }

    [HttpPost]
    public ActionResult Post(MyModel model) {
        model.Debug += "POST Method";
        return View("Index", model);
    }
}

The Index view just has a form and a button that POSTs to /Test/Post which should just return HTTP 200 with the Index view. That works as expected on my laptop and on my server. But on the hosting provider I get the following when I perform the POST:

POST /Test/Post returns HTTP 302 Redirect to /Test/Post (What the heck?)
GET /Test/Post returns HTTP 404

How could this possibly happen? Any ideas for troubleshooting this problem?

The only difference that I know of between the environments is that I have .NET 4.5 installed and they have .NET 4.0 installed (and won't install 4.5 for some reason.) The projects target .NET 4 though, so don't think it would matter? Originally I had them targeting 4.5, but changed it after I learned that it isn't installed on the server.

Searching for ASP.NET POSTs returning 302 brings up a lot of questions about redirecting due to logins. But this controller isn't under any sort of restricted folder or [Authorize] attribute.

Update - web.config's

I've tried it with and without <authorization>, same results either way. Here is the system.web, in case this will help:

  <system.web>
    <customErrors mode="Off"/>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.Helpers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.Mvc, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Web.WebPages, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </assemblies>
    </compilation>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="30"/>
    </authentication>
    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="Database" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
      </providers>
    </membership>
    <pages controlRenderingCompatibilityVersion="4.0">
      <namespaces>
        <add namespace="System.Web.Helpers"/>
        <add namespace="System.Web.Mvc"/>
        <add namespace="System.Web.Mvc.Ajax"/>
        <add namespace="System.Web.Mvc.Html"/>
        <add namespace="System.Web.Routing"/>
        <add namespace="System.Web.WebPages"/>
        <add namespace="Microsoft.Web.Mvc"/>
        <add namespace="Tenido.Domain"/>
        <add namespace="Tenido.Web.Mvc.Controllers"/>
      </namespaces>
    </pages>
    <httpModules>
      <add name="ImageResizingModule" type="ImageResizer.InterceptModule"/>
    </httpModules>
  </system.web>

Chambliss answered 3/12, 2013 at 4:58 Comment(12)

Can you enable any tracing on the hosting provider servers? – Landel 3/12, 2013 at 5:5

Unfortunately, no, I can't enable tracing. I did submit a support ticket suggesting they do the same to help debug the problem. That was 8 hours ago, hope to hear back soon... – Chambliss 3/12, 2013 at 5:9

Is the box on the provider setup to redirect HTTP to HTTPS perhaps? – Byrom 3/12, 2013 at 5:21

This hosting plan doesn't include HTTPS. – Chambliss 3/12, 2013 at 6:30

can you share a fiddler trace? – Dorsman 3/12, 2013 at 7:37

can you show web.config <system.web> section ? – Gaussmeter 3/12, 2013 at 7:51

Try to change the action name? – Aircraftman 3/12, 2013 at 7:57

Just as an aside, you shouldn't really return views from a POST because it messes with the behaviour of the back button, among other things. Take a look at the Post-Redirect-Get pattern. – Hydrolytic 3/12, 2013 at 8:57

possible duplicate of POST requests fail when <sessionState cookieless="AutoDetect" /> is set – Marzi 6/7, 2015 at 13:38

The question is not full and it is the duplicate of #3524567 The answer is there. It is to send 'AspxAutoDetectCookieSupport=1' cookie to server or to disable it. Thanks! – Marzi 6/7, 2015 at 13:39

Having same issue here - dev and live work fine, on UAT I am having this and I'm losing my mind about it... – Redtop 27/1, 2017 at 10:30

It happened to me right after installing VS2019 i already had installed VS2013, but could not find solution – Boarish 29/10, 2020 at 22:26

After much back and forth, the hosting provider brought it to my attention that they don't support ASP.NET MVC 4, only up to 3. I'm not sure how or why they don't support the newer version, but that seems to be the root of the problem.

Needless to say, I moved to a host that supports the recent frameworks. Now the site works perfectly.

Chambliss answered 24/12, 2013 at 17:47 Comment(0)

Use AllowAnonymous attribute in your controller Method

[AllowAnonymous]
[HttpGet]
public ActionResult Index() {
    MyModel model = new MyModel();
    model.Debug += "GET Method";
    return View(model);
}

Hope it helps

Lob answered 3/12, 2013 at 7:31 Comment(1)

Thanks for the idea, but still producing the same result. – Chambliss 3/12, 2013 at 15:44

For me, we had error redirect configured for custom errors via web.config

<system.web> 
...  

 <customErrors mode="On" defaultRedirect="~/error/errorpage">
...

</customErrors>

It was doing a 302 after an internal error. Setting customErrors mode="Off" bubbled the error up all the way to the browser.

Cessation answered 15/5, 2017 at 14:30 Comment(0)

I had similliar problem.

What helped me was removing <authorization> tag from web.config.

It is not necessary for [Authorize] attributes and changed 302 to 404 code.

Gaussmeter answered 3/12, 2013 at 7:55 Comment(1)

Tried removing the <authorization> from web.config, but still produces same result. – Chambliss 3/12, 2013 at 14:41

I had similar problem. After removing Authorization tag from web.config, it worked for me. Not sure about the reason.

Ringnecked answered 12/8, 2015 at 6:49 Comment(0)

If using cookie based authentication make sure the cookie being returned for .AspNet.ApplicationCookie (or whatever the name is) matches the domain of the site you're on

What sometimes happens to me is the cookie domain is incorrect for the site I'm on (due to my aging clumsy multi-hosted environment) - and then despite being issued a new auth cookie the browser can't send it back during the redirect (because it's a different domain) so it then redirects back to the auth page.

Bellicose answered 2/7, 2019 at 18:10 Comment(0)

Update - web.config's

Recommended topics

Hot tags