Link to home
Start Free TrialLog in
Avatar of Dys
Dys

asked on

ASP.NET FormsAuthentication.GetRedirectUrl Not Redirecting

I've got a problem with "FormsAuthentication.GetRedirectUrl" not properly redirecting to the page that I want. I'm using Win XP SP2 (IIS V5.1). My development platform is "MS Development Environment 2003 (Version 7.1.3088)" with "MS .NET Framework 1.1 (Version 1.1.4322 SP1)". I'm using an Access 2003 DB for test purposes.

I've created a small ASP.NET solution to test a login authentication. The application sits in the following folder - c:\inetpub\wwwroot\logintest\. In that folder I have two forms - LoginPage.aspx and PublicPage.aspx - and a web.config file. I also have a sub-folder called Secret (c:\inetpub\wwwroot\logintest\secret\). In that folder I have one form - PrivatePage.aspx - and a web.config file.

My start page is PublicPage.aspx. From there I use LoginPage.aspx to authenticate users to enter the PrivatePage.aspx. The login page has a RememberMe checkbox for cookie deposit.

Everything works fine if I use - FormsAuthentication.RedirectFromLoginPage (UserName.Text, RememberMe.Checked); - to redirect the user after authentication. However, I wanted to create a custom cookie instead of the standard "million year cookie" generated by "RedirectFromLoginPage", so I switched to - FormsAuthentication.GetRedirectUrl (UserName.Text, RememberMe.Checked); - and now my login will not redirect to the private page. It just stays on the login page. The custom cookie is created, but no redirect takes place.

Here is all my relevant code. In the "Button1_Click" procedure, the uncommented code works fine, the commented out code (which is the code I want) does not work:

********* LoginPage.aspx.cs (code behind) ****************

private void Button1_Click(object sender, System.EventArgs e)
{
      if (CustomAuthenticate (UserName.Text, Password.Text))
      {
            FormsAuthentication.RedirectFromLoginPage (UserName.Text, RememberMe.Checked);

            // HttpCookie cookie = FormsAuthentication.GetAuthCookie (UserName.Text, RememberMe.Checked);
            // cookie.Expires = DateTime.Now + new TimeSpan(6, 0, 0, 0);
            // cookie.Name = "LoginTest";
            // Response.Cookies.Add (cookie);
            // Response.Redirect (FormsAuthentication.GetRedirectUrl (UserName.Text, RememberMe.Checked));
      }
      else
            Output.Text = "Invalid login";
}

********* PublicPage.aspx.cs (code behind) ****************

private void Button1_Click(object sender, System.EventArgs e)
{
      Response.Redirect ("Secret/ProtectedPage.aspx");
}

********* Web.config (Public) ****************

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
     <system.web>
          <authentication mode="Forms">
               <forms loginUrl="LoginPage.aspx" />
          </authentication>
          <authorization>
               <allow users="?" />
          </authorization>
     </system.web>
</configuration>

********* Web.config (Private) ****************

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
     <system.web>
          <authorization>
               <deny users="?" />
          </authorization>
     </system.web>
</configuration>

********* returned URL ***************
This is the URL returned by "FormsAuthentication.GetRedirectUrl(UserName.Text, RememberMe.Checked).ToString();"

         /LoginTest/Secret/ProtectedPage.aspx

I've checked dozens of Google entries and many use the same code "GetRedirectUrl" that I'm trying - some claim it works, others are having the same problem as me with no solution in site.

Any help would be appreciated...
Avatar of Arvaris
Arvaris
Flag of United States of America image
I was having the same problem.  The FormsAuthentication.GetRedirectUrl essentially just checks the QueryString for the "ReturnUrl" value so I do this manually, first checking to make sure the "ReturnUrl" is present.

if (Request.QueryString["ReturnUrl"] != null)
{
   Response.Redirect(Request.QueryString["ReturnUrl"]);
}
else
{
   Response.Redirect(AppSettings.AppPath + "Home/Default.aspx");
}
Avatar of Dys
Dys

ASKER

I've tried something similar in various configurations and it still puts me back to the LoginPage.aspx. I tried your exact code with a path change and did not work. I've even tried just using the following code with nothing else and it still won't redirect:

Response.Redirect("Secret/ProtectedPage.aspx");

The only thing that works for me is:

FormsAuthentication.RedirectFromLoginPage (UserName.Text, RememberMe.Checked);
ASKER CERTIFIED SOLUTION
Avatar of Arvaris
Arvaris
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Dys
Dys

ASKER

Yes! The code works just fine after a couple of small changes. I had actually looked at this type of code several times in my Google search and discounted it before I tried it. Your suggestion brought me back to it.

Since the athentication cookie doesn't persist after the browser is closed, I also made one small addition to the code by adding this line just before adding the cookie to the cookies collection:

authenticationCookie.Expires = ticket.Expiration;

I got this from an MDSN post by Tosh Meston - http://blogs.msdn.com/tmeston/archive/2003/07/24/10505.aspx

Now my application is PERFECT! Well almost...

Thanks very much Arvaris!!