FormaAuthentication.GetRedirectURL Does not return absolute URL

[Mariam]

Hi, all,
We have mutiple ASP.NET web applications and setup on
mutiple web servers (win2k, .netframework 1.1). All the
web applications are setup to use Forms authentication.
All the applications will be sent to the same application
to get authenticated (the authentication tag and the
machienkey tag have all been setup properly) and then
supposely, redirect back to the originated URL after
getting authenticated.

My problem is: The FormsAuthentication.GetRedirectURL
method always returns a relative url rather than an
absolute one. I.e. it returns /folder/page.aspx rather
than http://from.site.com/folder/asp.aspx.

Does anyone know why and is there anything (maybe in the
registry) I can set to force it to return the absolute URL?

I know I can do some workaround in the global.asax. But is
there other nice way?

Thanks a million for the help!
Mariam

 

[Hermit Dave]

i am using absolute url for login across different applications...

say your authentication app is under
http://localhost/secure/

your apps are
http://localhost/app1
http://localhost/app2
the webconfig for the two app's loginurl should point to
http://localhost/secure/login.aspx
what i do is manual redirection... after setting the ticket... you might
want to have a look at my reply to forms authentication post
the returnURL passed to the http://localhost/secure/login.aspx is absolute
and i dont use redirect of formsauthentication.. instead... do a manual
response.redirect if i find returnURL

hth

 

[Mariam Sheikholeslam]

Hi, Dave,

Thanks for your response. I am doing manual redirect as well.

Before I redirect, I get the redirect URL through
string strURL = FormsAuthentication.GetRedicrectUrl(username,false);
Then I do
Response.Redirect(strURL);

Yes. Your senario works since different applications are different
virtual directories on the same machine. An relative URL will work (that
is how my apps in the dev enviroment. They work perfectly).

Did you trace the returnUrl value? does it have http://xxxx/ in it? Mine
does not have.

My senario is like this:
Secure application is at: http://secure.mycompany.com/
The application that using the secure application is at
http://app1.mycompany.com/. They are on two different machines.

Now I request a page from app1, newpage.aspx, so I was redirected to
http://secure.mycompany.com/ for lgoin. But the ReturnURL in the quesry
string shows newpage.aspx, rather than
http://app1.mycompany.com/newpage.aspx.

How did you get http://app1.mycompany.com into the returnURL.

I saw some posts say that in the beta version the ReturnURL was
absolute. But when in the release version, it is relative ...

Any suggestions?

 

[Hermit Dave]

http://localhost/WebAdmin/Login.aspx?ReturnUrl=/webshop/shopAdmin/Index.aspx

as you can see it does not... i would probably like to try and upload it and
see how it behaves on two different server
they are supposed to go on two different servers... give me half an hour...
have to make a small change... will try it out.

hopefully it should work... i have some urls that steven passed on to me...
lemme get hold of them....

#Forms Authentication Across Applications
http://msdn.microsoft.com/library/e...thenticationacrossapplications.asp?frame=true

let me know how you get on... and i will give it a try as soon as i am done
with that change

 

[Mariam Sheikholeslam]

Dave,

Checked the URL you sent. That is exactly how I setup the web.config for
all the applications.

All the loginUrl are set to http://secure.mycompany.com/login.aspx. The
step for going to the login page for getting authenticated, no problem.
The problem is for redirecting back to the originated page: ReturnURL is
not absolute.

I wish Microsoft has a little bit more detail on GetRedirectUrl, etc.
Thanks so much for your help.
Mariam

 

[Hermit Dave]

Mariam,

Bit stuck with creating a handler at the moment.. throwing some stupid
"Invalid Parameter User"... trying to figure out where the problems
occuring...

i will try and get it working... did you try reading the referrer value
request object when the request comes to login.aspx ?

might be worth a try... sorry cant be helpful more (have to get the handler
working before i can upload it)

 

[Hermit Dave]

just gave urlReferrer a try... atleast didnt work with me.... didnt fetch
anything...

 

[Hermit Dave]

http://www.dotnet247.com/247reference/msgs/26/131123.aspx

looks like its not all that simple....
you are right the returnURL has dir/page info....

and that it could potentially redirect to a /dir/page if found in that
app....

can make it work by setting up a redir all the way... but i would rather
look around for more info cause that a lame solution...

need a coffee and something to eat... half past one in the morning....

 

[Mariam Sheikholeslam]

Dave,

Thanks so much. I have tried URLRefer before. It does not contains
value. That is because the page was never loaded before redirecetd to
the login page.

I guess the only solution is to use the workaround.

Thanks again for your help. Please let me know if you have any new
discovery.

Thanks,
Mariam

 

[Hermit Dave]

You are welcome... plus i was not just doing it for you... i have to get the
same thing working... so you can say that it was a bit selfish of me...

i will get on to it soon enough.. the handler's almost sorted... will post
it if i find anything...