tags:

views:

46

answers:

1
Q: 

Forms Authentication & IIS7 (&MVC): Why ReturnUrl=/ is added?

When trying to access my site:

www.X.com

The browser changes the url to:

www.X.com/

The problem is that the result url is:

www.X.com/HomePage.aspx?ReturnUrl=/

(HomePage.aspx is the default page)

On IE: www.X.com/HomePage.aspx?ReturnUrl=%2f

For some reason the Forms Authentication treats / as a page that the user is trying to access and then gets redirects to: HomePage.aspx?ReturnUrl=/

How can I set the Forms Authentication (or the MVC routing) not to treat / as a page, so when accessing www.X.com it will not change the url?

The site runs on windows server 2008 IIS7, .NET 4.

(When running on IIS6 it didn't have this problem)

Web.config:

<authentication mode="Forms">
            <forms name=".AUTHCOOKIE" loginUrl="HomePage.aspx" defaultUrl="Loading.aspx" timeout="9480" />
  </authentication>

MVC Routing (not sure it’s related):

public static void RegisterRoutes(RouteCollection routes)
    {
        routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
        routes.IgnoreRoute("{resource}.aspx/{*pathInfo}");
        routes.IgnoreRoute("{resource}.ascx/{*pathInfo}");
        routes.IgnoreRoute("{resource}.ashx/{*pathInfo}");
        routes.IgnoreRoute("{resource}.gif/{*pathInfo}");

        routes.MapRoute("Actions", "A/{controller}/{action}", new { controller = "Tasks", action = "InitPage" });

    }

Thanks

Rafael

A: 

Actually, when you access http://www.x.com, you are requesting http://www.x.com/. When you get redirected to the validation form in IIS/.Net, RedirectTo= is always appended at the end of the URL, so that the server knows where do you wanted to go before your request was intercepted.

Or to put it another way: everything is working as expected. What's exactly what you want to do?

If it helps, I see two things "weird" with the code you included:

  • The Login page is called HomePage.aspx. That's... unusual (with that name, HomePage.aspx should be the page you go to after login, not the login page). Moreover, you mention MVC, but that's not a MVC route.
  • Your only route in Global.asax starts with "A/", so that http://www.x.com/ won't be captured by it. If your start page must be http://www.x.com/A/Tasks/InitPage, either make A a route parameter {whatever}, and assign it a default value, or create another MapRoute that captures the "/" request, and redirects to the correct path. Probably adding a Default.aspx to the project would work, but it would be very un-MVC.
salgiza  2010-06-23 10:57:01
SirMoreno  2010-06-23 11:48:28
Aaah! Then it's easy (I think). It's just that Homepage.aspx is not configured to be the default page returned by http://www.X.com (in IIS, you have just default.aspx, index.html, and a few variations). Because of that, "http://www.X.com/" != "http://www.X.com/HomePage.aspx", and you get the RedirectTo parameter appended.
salgiza  2010-06-23 12:03:06
Homepage.aspx is set as the default page (thats why it worked on IIS6)
SirMoreno  2010-06-23 12:13:49
For some reason IIS/Asp.net is not able to realize that "/" = "/Hompage.aspx" (the only time when the server doesn't redirect you to the full login URL + RedirectTo is when the URL is that of the login form). I can't tell you much more than that, however. If it helps, a solution for your problem might be making your homepage.aspx public, that way it wouldn't be IIS who redirects you to it, and the URL wouldn't change.
salgiza  2010-06-23 14:11:13
How can I make it public?
SirMoreno  2010-06-23 14:31:51
In this URL http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx you'll find an example of how to grant anonymous access to a specific file (Logon.aspx in the example, HomePage.aspx in yours). You just have to add an <allow> tag in your web.config, inside a <location> tag to specify that it only affects one page and not the whole site.
salgiza  2010-06-23 15:06:20

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?