I have a asp.net website which uses forms authentication. When i provide a link to a secure page on the website in a Microsoft Word document it sets a return URL even when i'm already logged in to the website. This means i am redirected to the login page which then directs me to the unauthorised access page even though i am authorised to see the page.
My web.config code:
<authentication mode="Forms">
<forms protection="All" requireSSL="true" name="BSOAuthCookie" loginUrl="~/Login/Login.aspx" defaultUrl="~/secure/securepage.aspx" cookieless="UseCookies" timeout="30" />
</authentication>
This is the code in the page load of my login page to redirect me to the unauthorsied access page:
If Request.IsAuthenticated AndAlso Not String.IsNullOrEmpty(Request.QueryString("ReturnUrl")) Then
' This is an unauthorized, authenticated request...
Response.Redirect("~/UnauthorisedAccess.aspx")
End If
If i put the same link in an email and i click it appears to work fine.