MVC 3 Authorize attribute not working in action method

Question

In my web application I want to add authorization in certain action method in controller not on the whole controller. I added the following

  [Authorize]
  public ActionResult ManageResturant(long Id = 0)
  {
  }

and in web.config i added

<authentication mode="Forms" >
  <forms loginUrl="~/Auth/LogIn"/>
</authentication>

but when i go to that action method the page loads normally which is wrong i want the page to redirect to the login page

any suggestions?

Answer 1

Thanks John for your comment i really found the solution after your hint the problem was in my code

I use a session to store the logged in user with the use of FormsAuthentication to make sure all users are login to make the login link appears to them

the problem was when session expires the FormsAuthentication still validating the user as a logged in user so it appears that the user is logged out but in fact he is logged in using form authentication

so what i did OnActionExecuting method i make a check on session if its null i do logout for the user so in this case i make sure that the user is logged out

Answer 2

Settings looks ok, are you really sure that you are calling this Action? Don´t you have some another Action with name ManageResturant without [Authorize] annotation?