While this question is old, I had the same problem and found a solution.
Originally, I had added the same AuthorizationAttribute filter, and found myself in the same loop. I then took it away and began adding the authorize attribute to individual controllers, and found that the infinite loop only happened when adding the authorize attribute to my home controller. It turns out my HomeController
was getting called after my AccountController
.
The Problem
In my _Layout.cshtml
, I was calling the following:
@Html.Action("LeftNav", "Home")
The layout page would correctly render the body, but when it got to this, it was hitting a controller method that had an authorization attribute. This caused the redirect to the Account/Login
.
Adding the AllowAnonymous
attribute to the LeftNav
action resolved the issue.
The Solution
Make sure your Login
view and layouts do not call any actions that have an authorize attribute.
Since discovering this, I've created a custom layout for my unauthorized requests to avoid any more potential issues like this.