__Scenario__: Converted the default MVC template generated to only use attribute routing.
__Issue__: I am seeing that when I am trying to change password for an existing user, the request is being sent to the Get method of the Account controller's Manage action instead of the Post action of Manage.
__AccountController with attribute routing__:
```
//
// GET: /Account/Manage
[Route("Manage")]
public ActionResult Manage(ManageMessageId? message)
{
ViewBag.StatusMessage =
message == ManageMessageId.ChangePasswordSuccess ? "Your password has been changed."
: message == ManageMessageId.SetPasswordSuccess ? "Your password has been set."
: message == ManageMessageId.RemoveLoginSuccess ? "The external login was removed."
: message == ManageMessageId.Error ? "An error has occurred."
: "";
ViewBag.HasLocalPassword = HasPassword();
ViewBag.ReturnUrl = Url.Action("Manage");
return View();
}
//
// POST: /Account/Manage
[Route("Manage")]
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Manage(ManageUserViewModel model)
{
string userName = User.Identity.GetUserName();
bool hasLocalLogin = HasPassword();
ViewBag.HasLocalPassword = hasLocalLogin;
ViewBag.ReturnUrl = Url.Action("Manage");
if (hasLocalLogin)
{
if (ModelState.IsValid)
{
IdentityResult result = await IdentityManager.Users.ChangePasswordAsync(userName, model.OldPassword, model.NewPassword);
if (result.Success)
{
return RedirectToAction("Manage", new { Message = ManageMessageId.ChangePasswordSuccess });
}
else
{
AddErrors(result);
}
}
}
else
{
// User does not have a local password so remove any validation errors caused by a missing OldPassword field
ModelState state = ModelState["OldPassword"];
if (state != null)
{
state.Errors.Clear();
}
if (ModelState.IsValid)
{
IdentityResult result = await IdentityManager.Users.UpdatePasswordAsync(userName, model.NewPassword);
if (result.Success)
{
return RedirectToAction("Manage", new { Message = ManageMessageId.SetPasswordSuccess });
}
else
{
AddErrors(result);
}
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
```
Following is how a route table would look like (excluded other routes not related to this discussion) when mvc attribute routing is used_:
Notice that the 1st route here does not have a constraint.
```
config.Routes.MapRoute("routeName", "Account/Manage", new { controller = "Account", action = "Manage" }, new { }, new { TargetActionMethod = "System.Web.Mvc.ActionResult Manage(System.Nullable`1[WebApplication77.Controllers.AccountController+ManageMessageId])" });
config.Routes.MapRoute("routeName", "Account/Manage", new { controller = "Account", action = "Manage" }, new { httpMethod = HttpMethodConstraints[POST] }, new { TargetActionMethod = "System.Threading.Tasks.Task`1[System.Web.Mvc.ActionResult] Manage(WebApplication77.Models.ManageUserViewModel)" });
config.Routes.MapRoute("routeName", "Account/Login", new { controller = "Account", action = "Login" }, new { }, new { TargetActionMethod = "System.Web.Mvc.ActionResult Login(System.String)" });
config.Routes.MapRoute("routeName", "Account/Login", new { controller = "Account", action = "Login" }, new { httpMethod = HttpMethodConstraints[POST] }, new { TargetActionMethod = "System.Threading.Tasks.Task`1[System.Web.Mvc.ActionResult] Login(WebApplication77.Models.LoginViewModel, System.String)" });
config.Routes.MapRoute("routeName", "Account/Register", new { controller = "Account", action = "Register" }, new { httpMethod = HttpMethodConstraints[POST] }, new { TargetActionMethod = "System.Threading.Tasks.Task`1[System.Web.Mvc.ActionResult] Register(WebApplication77.Models.RegisterViewModel)" });
config.Routes.MapRoute("routeName", "Account/Register", new { controller = "Account", action = "Register" }, new { }, new { TargetActionMethod = "System.Web.Mvc.ActionResult Register()" });
```
__Issue__: I am seeing that when I am trying to change password for an existing user, the request is being sent to the Get method of the Account controller's Manage action instead of the Post action of Manage.
__AccountController with attribute routing__:
```
//
// GET: /Account/Manage
[Route("Manage")]
public ActionResult Manage(ManageMessageId? message)
{
ViewBag.StatusMessage =
message == ManageMessageId.ChangePasswordSuccess ? "Your password has been changed."
: message == ManageMessageId.SetPasswordSuccess ? "Your password has been set."
: message == ManageMessageId.RemoveLoginSuccess ? "The external login was removed."
: message == ManageMessageId.Error ? "An error has occurred."
: "";
ViewBag.HasLocalPassword = HasPassword();
ViewBag.ReturnUrl = Url.Action("Manage");
return View();
}
//
// POST: /Account/Manage
[Route("Manage")]
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Manage(ManageUserViewModel model)
{
string userName = User.Identity.GetUserName();
bool hasLocalLogin = HasPassword();
ViewBag.HasLocalPassword = hasLocalLogin;
ViewBag.ReturnUrl = Url.Action("Manage");
if (hasLocalLogin)
{
if (ModelState.IsValid)
{
IdentityResult result = await IdentityManager.Users.ChangePasswordAsync(userName, model.OldPassword, model.NewPassword);
if (result.Success)
{
return RedirectToAction("Manage", new { Message = ManageMessageId.ChangePasswordSuccess });
}
else
{
AddErrors(result);
}
}
}
else
{
// User does not have a local password so remove any validation errors caused by a missing OldPassword field
ModelState state = ModelState["OldPassword"];
if (state != null)
{
state.Errors.Clear();
}
if (ModelState.IsValid)
{
IdentityResult result = await IdentityManager.Users.UpdatePasswordAsync(userName, model.NewPassword);
if (result.Success)
{
return RedirectToAction("Manage", new { Message = ManageMessageId.SetPasswordSuccess });
}
else
{
AddErrors(result);
}
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
```
Following is how a route table would look like (excluded other routes not related to this discussion) when mvc attribute routing is used_:
Notice that the 1st route here does not have a constraint.
```
config.Routes.MapRoute("routeName", "Account/Manage", new { controller = "Account", action = "Manage" }, new { }, new { TargetActionMethod = "System.Web.Mvc.ActionResult Manage(System.Nullable`1[WebApplication77.Controllers.AccountController+ManageMessageId])" });
config.Routes.MapRoute("routeName", "Account/Manage", new { controller = "Account", action = "Manage" }, new { httpMethod = HttpMethodConstraints[POST] }, new { TargetActionMethod = "System.Threading.Tasks.Task`1[System.Web.Mvc.ActionResult] Manage(WebApplication77.Models.ManageUserViewModel)" });
config.Routes.MapRoute("routeName", "Account/Login", new { controller = "Account", action = "Login" }, new { }, new { TargetActionMethod = "System.Web.Mvc.ActionResult Login(System.String)" });
config.Routes.MapRoute("routeName", "Account/Login", new { controller = "Account", action = "Login" }, new { httpMethod = HttpMethodConstraints[POST] }, new { TargetActionMethod = "System.Threading.Tasks.Task`1[System.Web.Mvc.ActionResult] Login(WebApplication77.Models.LoginViewModel, System.String)" });
config.Routes.MapRoute("routeName", "Account/Register", new { controller = "Account", action = "Register" }, new { httpMethod = HttpMethodConstraints[POST] }, new { TargetActionMethod = "System.Threading.Tasks.Task`1[System.Web.Mvc.ActionResult] Register(WebApplication77.Models.RegisterViewModel)" });
config.Routes.MapRoute("routeName", "Account/Register", new { controller = "Account", action = "Register" }, new { }, new { TargetActionMethod = "System.Web.Mvc.ActionResult Register()" });
```