RedirectFromLoginPage ignores ReturnUrl

0
votes

OK, I must be missing something obvious here, but can't find an answer anywhere.

I'm using FormsAuthentication in .Net 4 on my local machine. When I try to access a secured page, .Net redirects me to login.aspx and appends ReturnUrl in the query string. E.g. /pages/security/login.aspx?ReturnUrl=%2fPages%2fFriends.aspx

When I log in with correct details, I'm not redirected to the ReturnUrl - instead I'm redirected to whatever is in the web.config defaultUrl parameter.

My web.config looks like this:

<authentication mode="Forms">
        <forms loginUrl="/pages/security/login.aspx" defaultUrl="/default.aspx" timeout="129600" />
    </authentication>

Here's the redirect line:

FormsAuthentication.RedirectFromLoginPage(userID.ToString(), rememberMe);

Whatever I put in defaultUrl in web.config is what I'm redirected to. In fact, that is also the value that is in FormsAuthenticaton.GetRedirectUrl when I check. It appears that .Net is ignoring the ReturnUrl, but I can't think why.

Any ideas?

1
asp.netauthenticationforms-authentication

1 Answers

0
votes

OK, this was a stupid oversight on my part, but thought I'd share the 'solution' with you as it might help others experiencing these symptoms.

The reason the query string was being stripped is that I had a line in my master page that was converting the form action to lower case, as part of an effort to avoid duplicate URLs for search engines. That line was updating the form action, but wasn't appending the query string.

So, if you're losing query string values on postback, check to make sure that the action value in your form tag contains that query string.