FormsAuthentication returnUrl issue

Posted on 2009-02-09
Last Modified: 2013-12-17
My originally requested url already contains a querystring variable called returnUrl so Forms Authentication becomes very confused when trying to figure out how to navigate back to the requested url after authenticating.

Anyone out there know how to customize formsAuthentication so the returnUrl querystring parameter is called say faReturnUrl instead?
Question by:MoreHeroic
    LVL 16

    Expert Comment

    Why dont you try and change the already existing parameter instead of the default aspx one? Is that not possible? Changing aspx one might not be possible.
    LVL 10

    Author Comment

    Yeah, the original one is coming out of an antiquated ISAPI filter and I don't want to muck about with it.
    LVL 33

    Accepted Solution

    I'd have to say no.  I looked at the source of the Microsoft classes, and "ReturnUrl" is hardcoded into the .dll.

    If you could override the FormsAuthentication class, you could do it, but they've declared it in such a way that you can't inherit from it.  I really don't see another option.

    I've attached the code below in case you wanted to see it.

    Friend Shared Function GetReturnUrl(ByVal useDefaultIfAbsent As Boolean) As String
        Dim current As HttpContext = HttpContext.Current
        Dim str As String = current.Request.QueryString.Item("ReturnUrl")
        If (str Is Nothing) Then
            str = current.Request.Form.Item("ReturnUrl")
            If ((Not String.IsNullOrEmpty(str) AndAlso Not str.Contains("/")) AndAlso str.Contains("%")) Then
                str = HttpUtility.UrlDecode(str)
            End If
        End If
        If ((Not String.IsNullOrEmpty(str) AndAlso Not FormsAuthentication.EnableCrossAppRedirects) AndAlso Not UrlPath.IsPathOnSameServer(str, current.Request.Url)) Then
            str = Nothing
        End If
        If (Not String.IsNullOrEmpty(str) AndAlso CrossSiteScriptingValidation.IsDangerousUrl(str)) Then
            Throw New HttpException(SR.GetString("Invalid_redirect_return_url"))
        End If
        If ((str Is Nothing) AndAlso useDefaultIfAbsent) Then
            Return FormsAuthentication.DefaultUrl
        End If
        Return str
    End Function

    Open in new window

    LVL 10

    Author Closing Comment

    Thank you.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
    IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now