Login logic problem
I've noticed a problem with the login logic in the beerhouse example. Forgive me if this has already been covered, but I couldn't find it in this forum anywhere. Here's the problem:
If I come in unauthenticated and try to go to the admin page, I get the AccessDenied.aspx page with ReturnUrl="[path]/Admin/Default.aspx" (or whatever the encoded version of that is).
Ok, so far so good here. However, if I then try to log in with the wrong credentials, I am again returned to the AccessDenied.aspx page, only this time ReturnUrl="[path]/AccessDenied.aspx?ReturnUrl=[path]/Admin/Default.aspx". So, the problem now is that if I go ahead and enter the right credentials, I get returned to the AccessDenied page again, but now I'm authenticated, so it just tells me that I'm not authorized for the page.
I think the solution to this is to change the FailureAction attribute of the Login control to "Refresh" since you want it to stay on the same page and not redirect to AccessDenied since you may already be there. However, doing this will mean you'll never see the AccessDenied page for an invalid login, which means you'll need to use the Access Denied message built into the login control itself. Either that or figure out some way to switch the FailureAction from Refresh to RedirectToLoginPage if you're not on the AccessDenied page already.