Forms Authentication duplicating querystring parameters

Discussion in 'ASP .Net' started by mohaaron@gmail.com, Nov 10, 2006.

  1. Guest

    Hello all,

    I'm having a problem using the ReturnUrl parameter while using
    FormsAuthentication. If I already have some querystring parameters in
    the url like this.

    NonSecurePage.aspx?param1=value1&param2=value2

    I now click a link to a secure page and I get redirected by
    FormsAuthentication to the login page and I get this.

    Login.aspx?ReturnUrl=/NonSecurePage.aspx?param1=value1&param2=value2&param1=value1&param2=value2

    Where this causes the first problem is in my BasePage class where I
    have the following public properties.

    public string Param1
    {
    get { this.param1 = this.Request.QueryString["param1"]; }
    }

    public string Param2
    {
    get { this.param2 = this.Request.QueryString["param2"]; }
    }

    With the duplicate parameters in the querystring the returned value for
    each of the above variables is duplicated with a comma between the
    values. This is very annoying at the least to deal with and in some
    cases really causes problems.

    The second problem that happens with this is that the value returned
    from Request.QueryString["ReturnUrl"] looks like this.

    NonSecurePage.aspx?param1=value1

    So when the redirect is done the second parameter is missing.

    Does anyone have any experience with this and how I might fix it? I
    have done quite a bit of searching the web for solutions and haven't
    found anyone else with this problem.

    What do I do?
     
    , Nov 10, 2006
    #1
    1. Advertising

  2. ytkaczyk

    Joined:
    Aug 20, 2008
    Messages:
    2
    Same problem

    I have the same issue. Have you found a solution?

    Thank you,

    Yves
     
    ytkaczyk, Aug 20, 2008
    #2
    1. Advertising

  3. ytkaczyk

    Joined:
    Aug 20, 2008
    Messages:
    2
    Solution to the issue

    I found a fix to the issue at:
    http://knowledgebaseworld.blogspot.com/2008/05/duplicate-keyvalue-pair-in-querystring.html
    I tweaked the code slightly as:


    Code:
     private const string kReturnUrl = "ReturnUrl";
      void Application_EndRequest(Object sender, EventArgs e)
      {
           if (null!=Response.RedirectLocation && Response.RedirectLocation.Contains(kReturnUrl))
        { 
          Response.RedirectLocation = 
            string.Format(
              "{0}{2}={1}",
              Response.RedirectLocation.Remove(Response.RedirectLocation.IndexOf(kReturnUrl)),
              Microsoft.Security.Application.AntiXss.UrlEncode(
                Request.RawUrl.Contains(kReturnUrl)?
                Request.RawUrl.Substring(Request.RawUrl.IndexOf(kReturnUrl) + kReturnUrl.Length+1):
                Request.RawUrl),
              kReturnUrl); 
        }
      }
    If you are not using the Microsoft AntiXss library, you can use the plain Asp.Net UrlEncode.

    Regards,

    Yves
     
    ytkaczyk, Aug 20, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,497
    Tommy
    Feb 13, 2004
  2. AC
    Replies:
    0
    Views:
    526
  3. Derrick
    Replies:
    6
    Views:
    4,014
    navyjax2
    Nov 28, 2011
  4. Mehdi
    Replies:
    6
    Views:
    36,127
    sloan
    Apr 6, 2006
  5. Eric
    Replies:
    2
    Views:
    558
Loading...

Share This Page