Digital Colony!

Override ReturnURL in ASP.NET Security

When using FormsAuthentication and a logged out user tries to enter a secured page that page name is appended to the ReturnUrl. After the user has been authenticated, the user is redirected to that page.

I had no problem with this feature until I timed out and hit my LogOff page. I wasn't authenticated to see the LogOff page, so it appended that page URL to the ReturnURL and sent me the LogOn page. Once I logged in, it redirected me back to the LogOff page, which promptly logged me out.

I decided it would be easier to pick the start page for the user, regardless of what the ReturnUrl parameter was. Instead of using FormsAuthentication.RedirectFromLoginPage, use FormsAuthentication.SetAuthCookie and handle the Redirect yourself. 
if (FormsAuthentication.Authenticate(txtName.Text, txtPassword.Text))
{
    FormsAuthentication.SetAuthCookie(txtName.Text, true);
    Response.Redirect("MySecuredStartPage.aspx", true);              
}

Labels: , ,

posted by MAS at 5/01/2007 | 1 comments

 

Digital Colony Copyright © 1999-2008 XHTML   508
This site uses Blogger, which is not 100% XHTML compliant.
Try...Catch Disclaimer: For brevity many examples do not include error handling. That is your responsibility.