Override ReturnURL in ASP.NET Security (DigitalColony.com)

<<Home

Override ReturnURL in ASP.NET Security

When using FormsAuthentication and a logged out user tries to enter a secured page that page name is appended to the ReturnUrl. After the user has been authenticated, the user is redirected to that page.

I had no problem with this feature until I timed out and hit my LogOff page. I wasn't authenticated to see the LogOff page, so it appended that page URL to the ReturnURL and sent me the LogOn page. Once I logged in, it redirected me back to the LogOff page, which promptly logged me out.

I decided it would be easier to pick the start page for the user, regardless of what the ReturnUrl parameter was. Instead of using FormsAuthentication.RedirectFromLoginPage, use FormsAuthentication.SetAuthCookie and handle the Redirect yourself.

if (FormsAuthentication.Authenticate(txtName.Text, txtPassword.Text))
{
    FormsAuthentication.SetAuthCookie(txtName.Text, true);
    Response.Redirect("MySecuredStartPage.aspx", true);              
}

Labels: Csharp, FormsAuthentication, Security

1 Comments:

Anonymous said...

Or you could add a "location path=logoff.aspx" section to your web.config so your logoff page would not require re-authentication.

10/22/2007 12:23 PM

Digital Colony Copyright © 1999-2009 XHTML 508
This site uses Blogger, which is not 100% XHTML compliant.
Try...Catch Disclaimer: For brevity many examples do not include error handling. That is your responsibility.

About

Labs

Labels

Projects

Book Store

Previous Posts

<<Home

Override ReturnURL in ASP.NET Security

1 Comments: