Cannot post action including ReturnUrl on login with trailingslashes and attribute routing

[HugCoder]

So the problem I'm facing is with boilerplate and mvc 5. I have managed to get Identity working etc. but if I authorize an action that then returns me to the login page, this is just fine on get.
e.g. if I go to /admin/ without being logged in, I get redirected to
"/admin/account/login/?returnurl=%2fadmin%2f"
and this does display the login page just fine, but with

@using (Html.BeginForm(AccountControllerAction.Login, ControllerName.Account, new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { role = "form" }))

the actionurl becomes "/admin/account/login/?ReturnUrl=%2Fadmin%2F"
If I submit the form I keep returning to the login page, as if I'm redirected there, and no I'm not logged in either. Basically it cannot find the route it's posting to. The Get it can find though, which is strange?

As I said I can login normally if I'm at just "/admin/account/login/", because then the action is the same.

The problem seems to be that it cannot find the correct route. I'm using attribute routing and have followed the Boilerplate samples that were in there to start and then built upon that to add new constant routes and action values.
For the login it looks like this (with [RoutePrefix("admin/account")] ):
[HttpPost, ActionName(AccountControllerAction.Login)]
[AllowAnonymous]
[ValidateAntiForgeryToken]
[Route("login", Name = AccountControllerRoute.PostLogin)]
public async Task PostLogin(LoginViewModel model, string returnUrl)

I have tried various setups using [NoTrailingSlash]
and also in the RouteConfig.cs I tried things like this:
routes.MapRoute(
"Login",
"admin/account/postlogin/{anything}",
new { controller = "account", action = "postlogin" },
new { anything = @"^(?ReturnUrl=.)?$" }
);
but nothing has worked where I can keep trailing slashes.

The only thing that has "worked" is if I set
routes.AppendTrailingSlash = false;
and then also use [NoTrailingSlash] on the postlogin.
This does affect all the pages though and all my AJAX calls etc have get their trailing slashes stripped etc., which is really annoying.

Maybe I could solve this by using a form post using javascript/AJAX instead but I think it's weird that I cannot get this working. I assume it has to do with attribute routing but perhaps I'm just missing something as I implemented the Identity stuff myself into the Boilerplate template, but maybe you or someone else know how to solve this?

[RehanSaeed]

Notice that the /admin/account/login/?ReturnUrl=%2Fadmin%2F URL has an upper-case character in it 'R'. The RedirectToCanonicalUrlAttribute filter will cause anything without a trailing slash or anything with upper-case characters to be redirected to a URL without those things (Note that these are the default settings when you create a new project but can be changed. Alternatively you can also remove the filter altogether).

FYI, your code is hard to read. Take a look here on how to format it.

[HugCoder]

Thanks for the answer and sorry for the formatting.

Yeah, but I just tried a few things, e.g. changing new { ReturnUrl = ViewBag.ReturnUrl } to new { returnurl = ViewBag.ReturnUrl } in Html.BeginForm and also changed in Startup.Auth.cs under UseCookieAuthentication to ReturnUrlParameter = "returnurl", as well as the action parameters from string returnUrl to string returnurl but that still didn't work. It did change the action url to lowercase, so it did something but on post it couldn't find the action.

I came up with the idea to add the return url parameter to the formdata instead by adding a hidden element @Html.Hidden("returnurl", new { returnurl = ViewBag.ReturnUrl }) and removing new { returnurl = ViewBag.ReturnUrl } from the Html.BeginForm. This makes the action url to always be /admin/account/login/ but also sends the return url for the public async Task<ActionResult> PostLogin(LoginViewModel model, string returnurl) action to pickup. The string parameter doesn't need to have the same casing, I can rename it to string ReturnUrl and it still picks up the hidden formdata returnurl.

Not sure if there are any errors or flaws in this approach, from a security standpoint or something else, but to me it seems more robust to always post to the same actionurl?

[RehanSaeed]

Using a hidden form field can be a useful way to get information back to the server in a round trip if you are already using a form. You should also be able to use the query string though. I'm not entirely clear on what the problem is without a code sample.

[rashedmahamud]

http://localhost:1934/Admin
how can I redirect this admin to the login page? Now it takes me to the index page of Admin.

routes.MapRoute(
name: "Admin", // Route name
url: "admin/{id}",
defaults: new { controller = "Admin", action = "login" });

        routes.MapRoute(
            name: "Default",
            url: "{controller}/{action}/{id}",
            defaults: new { controller = "Home", action = "index", id = UrlParameter.Optional }
        );

[RehanSaeed]

Use the Redirect method in your controller and pass the name of the route you have mapped along with any parameters required by the route.

Consider using attribute routing with named routes, it makes things easier. There is very good documentation on the ASP.NET website.