FormsAuthentication returnUrl issue

My originally requested url already contains a querystring variable called returnUrl so Forms Authentication becomes very confused when trying to figure out how to navigate back to the requested url after authenticating.

Anyone out there know how to customize formsAuthentication so the returnUrl querystring parameter is called say faReturnUrl instead?
LVL 10
MoreHeroicAsked:
Who is Participating?
 
raterusConnect With a Mentor Commented:
I'd have to say no.  I looked at the source of the Microsoft classes, and "ReturnUrl" is hardcoded into the .dll.

If you could override the FormsAuthentication class, you could do it, but they've declared it in such a way that you can't inherit from it.  I really don't see another option.

I've attached the code below in case you wanted to see it.


Friend Shared Function GetReturnUrl(ByVal useDefaultIfAbsent As Boolean) As String
    FormsAuthentication.Initialize
    Dim current As HttpContext = HttpContext.Current
    Dim str As String = current.Request.QueryString.Item("ReturnUrl")
    If (str Is Nothing) Then
        str = current.Request.Form.Item("ReturnUrl")
        If ((Not String.IsNullOrEmpty(str) AndAlso Not str.Contains("/")) AndAlso str.Contains("%")) Then
            str = HttpUtility.UrlDecode(str)
        End If
    End If
    If ((Not String.IsNullOrEmpty(str) AndAlso Not FormsAuthentication.EnableCrossAppRedirects) AndAlso Not UrlPath.IsPathOnSameServer(str, current.Request.Url)) Then
        str = Nothing
    End If
    If (Not String.IsNullOrEmpty(str) AndAlso CrossSiteScriptingValidation.IsDangerousUrl(str)) Then
        Throw New HttpException(SR.GetString("Invalid_redirect_return_url"))
    End If
    If ((str Is Nothing) AndAlso useDefaultIfAbsent) Then
        Return FormsAuthentication.DefaultUrl
    End If
    Return str
End Function

Open in new window

0
 
sunithnairCommented:
Why dont you try and change the already existing parameter instead of the default aspx one? Is that not possible? Changing aspx one might not be possible.
0
 
MoreHeroicAuthor Commented:
Yeah, the original one is coming out of an antiquated ISAPI filter and I don't want to muck about with it.
0
 
MoreHeroicAuthor Commented:
Thank you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.