OK, I must be missing something obvious here, but can't find an answer anywhere.
I'm using FormsAuthentication in .Net 4 on my local machine. When I try to access a secured page, .Net redirects me to login.aspx and appends ReturnUrl in the query string. E.g. /pages/security/login.aspx?ReturnUrl=%2fPages%2fFriends.aspx
When I log in with correct details, I'm not redirected to the ReturnUrl - instead I'm redirected to whatever is in the web.config defaultUrl parameter.
My web.config looks like this:
<authentication mode="Forms">
<forms loginUrl="/pages/security/login.aspx" defaultUrl="/default.aspx" timeout="129600" />
</authentication>
Here's the redirect line:
FormsAuthentication.RedirectFromLoginPage(userID.ToString(), rememberMe);
Whatever I put in defaultUrl in web.config is what I'm redirected to. In fact, that is also the value that is in FormsAuthenticaton.GetRedirectUrl when I check. It appears that .Net is ignoring the ReturnUrl, but I can't think why.
Any ideas?