• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 991
  • Last Modified:

FormsAuthentication returnUrl issue

My originally requested url already contains a querystring variable called returnUrl so Forms Authentication becomes very confused when trying to figure out how to navigate back to the requested url after authenticating.

Anyone out there know how to customize formsAuthentication so the returnUrl querystring parameter is called say faReturnUrl instead?
0
MoreHeroic
Asked:
MoreHeroic
  • 2
1 Solution
 
sunithnairCommented:
Why dont you try and change the already existing parameter instead of the default aspx one? Is that not possible? Changing aspx one might not be possible.
0
 
MoreHeroicAuthor Commented:
Yeah, the original one is coming out of an antiquated ISAPI filter and I don't want to muck about with it.
0
 
raterusCommented:
I'd have to say no.  I looked at the source of the Microsoft classes, and "ReturnUrl" is hardcoded into the .dll.

If you could override the FormsAuthentication class, you could do it, but they've declared it in such a way that you can't inherit from it.  I really don't see another option.

I've attached the code below in case you wanted to see it.


Friend Shared Function GetReturnUrl(ByVal useDefaultIfAbsent As Boolean) As String
    FormsAuthentication.Initialize
    Dim current As HttpContext = HttpContext.Current
    Dim str As String = current.Request.QueryString.Item("ReturnUrl")
    If (str Is Nothing) Then
        str = current.Request.Form.Item("ReturnUrl")
        If ((Not String.IsNullOrEmpty(str) AndAlso Not str.Contains("/")) AndAlso str.Contains("%")) Then
            str = HttpUtility.UrlDecode(str)
        End If
    End If
    If ((Not String.IsNullOrEmpty(str) AndAlso Not FormsAuthentication.EnableCrossAppRedirects) AndAlso Not UrlPath.IsPathOnSameServer(str, current.Request.Url)) Then
        str = Nothing
    End If
    If (Not String.IsNullOrEmpty(str) AndAlso CrossSiteScriptingValidation.IsDangerousUrl(str)) Then
        Throw New HttpException(SR.GetString("Invalid_redirect_return_url"))
    End If
    If ((str Is Nothing) AndAlso useDefaultIfAbsent) Then
        Return FormsAuthentication.DefaultUrl
    End If
    Return str
End Function

Open in new window

0
 
MoreHeroicAuthor Commented:
Thank you.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now