A
Andy Fish
Hi,
I have an app in the 1.1 framework that uses forms authentication .
In the normal case, if the user requests a page and is not logged in, he is
redirected to the login page. However, I have noticed that if the original
request includes a parameter called "ReturnUrl", the server immediately
responds with a 401 error.
I realise that ReturnUrl is also the name of a parameter used by forms
authentication, but I don't see why this should cause any conflict, so it
seems this is simply a bug in the framework. I can't find any documentation
to say that ReturnUrl is a reserved name and cannot be used as an HTTP
request parameter.
Does anyone know of a workaround for this (apart from not having the
parameter called ReturnUrl)? are there any other parameter names I should
avoid?
TIA
Andy
I have an app in the 1.1 framework that uses forms authentication .
In the normal case, if the user requests a page and is not logged in, he is
redirected to the login page. However, I have noticed that if the original
request includes a parameter called "ReturnUrl", the server immediately
responds with a 401 error.
I realise that ReturnUrl is also the name of a parameter used by forms
authentication, but I don't see why this should cause any conflict, so it
seems this is simply a bug in the framework. I can't find any documentation
to say that ReturnUrl is a reserved name and cannot be used as an HTTP
request parameter.
Does anyone know of a workaround for this (apart from not having the
parameter called ReturnUrl)? are there any other parameter names I should
avoid?
TIA
Andy