FormsAuthentication without the '?ReturnUrl' variable

I

Itai

Does anyone know if there is a way to prevent FormsAuthentication from
adding the '?ReturnUrl' to the login page url ?

I am always redirecting the user to a specific page upon successful
logins.
I *don't* wan't to redirect the user to the original page he was
trying to access.

I am using FormsAuthentication.SetAuthCookie followed by a
Response.Redirect therefore, I do not need '?ReturnUrl'.

I just think that removing this variable from the login page url makes
it looks "cleaner" and does not lead to false expectations on behalf
of techi users

Thanks,

-Itai
 
R

Raterus

There is no way to remove it that I know of, one way around it is to set the login page in web.config to an intermediate page "blah.aspx", and on that page, you redirect to the login page, which will remove the ReturnURL, it is an extra step, but it should work.
 
I

Itai

Thanks! but I figured out the following solution:


/* Requires .NET Framework version 1.1 */
/* All code in Global.asax.cs */


// Create an event handler for the PreSendRequestHeaders event

protected void PreSend_RequestHeaders(Object sender, EventArgs e)
{
string s = Response.RedirectLocation;

// replace /login.aspx with your path
if(s != null && s.StartsWith("http://localhost/login.aspx?ReturnUrl="))
{
Response.RedirectLocation ="http://localhost/login.aspx";
}

}


//register the event handler

private void InitializeComponent()
{
this.components = new System.ComponentModel.Container();

// Just add this line
this.PreSendRequestHeaders += new
System.EventHandler(this.PreSend_RequestHeaders);
}


Note that on my test machine while running in debug mode I noticed
that the event handler is called twice upon an attempt to access a
secure path.
The first time 'Response.RedirectLocation' contains the url with
‘?ReturnUrl=' and the second time it's null. I don't know why it works
that way.
 
I

Itai

Thanks! but I figured out the following solution:


/* Requires .NET Framework version 1.1 */
/* All code in Global.asax.cs */


// Create an event handler for the PreSendRequestHeaders event

protected void PreSend_RequestHeaders(Object sender, EventArgs e)
{
string s = Response.RedirectLocation;

// replace /login.aspx with your path
if(s != null && s.StartsWith("http://localhost/login.aspx?ReturnUrl="))
{
Response.RedirectLocation ="http://localhost/login.aspx";
}

}


//register the event handler

private void InitializeComponent()
{
this.components = new System.ComponentModel.Container();

// Just add this line
this.PreSendRequestHeaders += new
System.EventHandler(this.PreSend_RequestHeaders);
}


Note that on my test machine while running in debug mode I noticed
that the event handler is called twice upon an attempt to access a
secure path.
The first time 'Response.RedirectLocation' contains the url with
‘?ReturnUrl=' and the second time it's null. I don't know why it works
that way.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

ReturnURL 0
Redirect to login page with ReturnUrl 1
ReturnUrl Null 1
FormsAuthentication ReturnUrl - need it to be Absolute 3
remove "ReturnUrl=" from url 4
FormsAuthentication and Redirection fails 7
FormsAthenticaton -- Sometimes returnurl is not set 1
FormsAuthentication Access Rules Event 3

Members online

No members online now.
Total: 68 (members: 0, guests: 68)
Robots: 427

Forum statistics

Threads
473,995
Messages
2,570,226
Members
46,815
Latest member
treekmostly22

Latest Threads

Top