FormsAuthentication without the '?ReturnUrl' variable

Discussion in 'ASP .Net Security' started by Itai, Aug 17, 2004.

  1. Itai

    Itai Guest

    Does anyone know if there is a way to prevent FormsAuthentication from
    adding the '?ReturnUrl' to the login page url ?

    I am always redirecting the user to a specific page upon successful
    logins.
    I *don't* wan't to redirect the user to the original page he was
    trying to access.

    I am using FormsAuthentication.SetAuthCookie followed by a
    Response.Redirect therefore, I do not need '?ReturnUrl'.

    I just think that removing this variable from the login page url makes
    it looks "cleaner" and does not lead to false expectations on behalf
    of techi users

    Thanks,

    -Itai
    Itai, Aug 17, 2004
    #1
    1. Advertising

  2. Itai

    Raterus Guest

    There is no way to remove it that I know of, one way around it is to set the login page in web.config to an intermediate page "blah.aspx", and on that page, you redirect to the login page, which will remove the ReturnURL, it is an extra step, but it should work.

    "Itai" <> wrote in message news:...
    > Does anyone know if there is a way to prevent FormsAuthentication from
    > adding the '?ReturnUrl' to the login page url ?
    >
    > I am always redirecting the user to a specific page upon successful
    > logins.
    > I *don't* wan't to redirect the user to the original page he was
    > trying to access.
    >
    > I am using FormsAuthentication.SetAuthCookie followed by a
    > Response.Redirect therefore, I do not need '?ReturnUrl'.
    >
    > I just think that removing this variable from the login page url makes
    > it looks "cleaner" and does not lead to false expectations on behalf
    > of techi users
    >
    > Thanks,
    >
    > -Itai
    Raterus, Aug 17, 2004
    #2
    1. Advertising

  3. Itai

    Itai Guest

    Thanks! but I figured out the following solution:


    /* Requires .NET Framework version 1.1 */
    /* All code in Global.asax.cs */


    // Create an event handler for the PreSendRequestHeaders event

    protected void PreSend_RequestHeaders(Object sender, EventArgs e)
    {
    string s = Response.RedirectLocation;

    // replace /login.aspx with your path
    if(s != null && s.StartsWith("http://localhost/login.aspx?ReturnUrl="))
    {
    Response.RedirectLocation ="http://localhost/login.aspx";
    }

    }


    //register the event handler

    private void InitializeComponent()
    {
    this.components = new System.ComponentModel.Container();

    // Just add this line
    this.PreSendRequestHeaders += new
    System.EventHandler(this.PreSend_RequestHeaders);
    }


    Note that on my test machine while running in debug mode I noticed
    that the event handler is called twice upon an attempt to access a
    secure path.
    The first time 'Response.RedirectLocation' contains the url with
    ‘?ReturnUrl=' and the second time it's null. I don't know why it works
    that way.
    Itai, Aug 17, 2004
    #3
  4. Itai

    Itai Guest

    Thanks! but I figured out the following solution:


    /* Requires .NET Framework version 1.1 */
    /* All code in Global.asax.cs */


    // Create an event handler for the PreSendRequestHeaders event

    protected void PreSend_RequestHeaders(Object sender, EventArgs e)
    {
    string s = Response.RedirectLocation;

    // replace /login.aspx with your path
    if(s != null && s.StartsWith("http://localhost/login.aspx?ReturnUrl="))
    {
    Response.RedirectLocation ="http://localhost/login.aspx";
    }

    }


    //register the event handler

    private void InitializeComponent()
    {
    this.components = new System.ComponentModel.Container();

    // Just add this line
    this.PreSendRequestHeaders += new
    System.EventHandler(this.PreSend_RequestHeaders);
    }


    Note that on my test machine while running in debug mode I noticed
    that the event handler is called twice upon an attempt to access a
    secure path.
    The first time 'Response.RedirectLocation' contains the url with
    ‘?ReturnUrl=' and the second time it's null. I don't know why it works
    that way.
    Itai, Aug 17, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tomk

    ReturnURL

    Tomk, Jan 23, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    672
  2. AC
    Replies:
    0
    Views:
    487
  3. VB Programmer
    Replies:
    1
    Views:
    978
    Steve C. Orr [MVP, MCSD]
    Dec 8, 2004
  4. tshad
    Replies:
    2
    Views:
    11,377
    tshad
    Jan 21, 2005
  5. =?Utf-8?B?Tm9yZW1hYw==?=

    FormsAuthentication ReturnUrl - need it to be Absolute

    =?Utf-8?B?Tm9yZW1hYw==?=, Sep 20, 2006, in forum: ASP .Net
    Replies:
    3
    Views:
    5,104
    =?Utf-8?B?Qm9iIFRoYXllcg==?=
    Mar 20, 2007
Loading...

Share This Page