I want to remove "returnurl=/blabla" from address bar when a user want to access to a login required page. Because I'm trying to redirect the user to a static page after login to do some selections.
How can I do that?
+1
A:
Modify the code in your login page so that it doesn't do the redirect to the returnurl?
Clicktricity
2010-09-15 10:14:06
+3
A:
This is the nature of Forms Authentication. (which im guessing you're using).
That is, when you access a page which requires authentication, ASP.NET will redirect you to the login page, passing in the ReturnUrl as a parameter so you can be returned to the page you came from post-login.
To remove this functionality would break the semantics and design of Forms Authentication itself. (IMO)
My suggestion - if you dont need it, dont use it.
I'm trying to redirect the user to a static page after login to do some selections.
Piece of cake - after you've done your login, instead of doing FormsAuthentication.RedirectFromLoginPage (which uses that very ReturnUrl QueryString parameter), just use FormsAuthentication.SetAuthCookie and redirect wherever you want.
RPM1984
2010-09-15 10:16:17
FormsAuthentication.SetAuthCookie is what I'm doing right now.I just want to remove it from address bar.
yapiskan
2010-09-15 19:57:11
Then my first comment stands - you may as well not use Forms Authentication at all. There is no easy way to do this (that i know of). Remebering ANY page can redirect to the login page (and ASP.NET does this). Only way i can think of is to hook into a Global.asax event and rewrite the URL. Why do you care if the URL is there?
RPM1984
2010-09-15 21:58:34
and that comment contradicts your comment "Because I'm trying to redirect the user to a static page after login to do some selections.". The ReturnURL will not prevent you from doing your own redirect after login, UNLESS you're using RedirectFromLoginPage, which you have said you arent. So i dont know what youre issue is. How is the ReturnUrl preventing you from doing a redirect?
RPM1984
2010-09-15 21:59:34
A:
As RPM1984 pointed out, you don't have to redirect the user to the specified URL after signing in.
If it is imperative that you remove the ReturnUrl querystring parameter there are a couple options. Probably the easiest is in your login web page / controller you'd check for the existence of a ReturnUrl parameter in the Request.QueryStrings collection. If it exists, you could do a redirect back to the login page, but without the ReturnUrl.
Another option would be to create a custom implementation for the FormsAuthenticationModule, which is the class that handles authenticating a user based on their form authentication ticket and is responsible for redirecting unauthorized users to the login page. Unfortunately, the FormsAuthenticationModule class's methods are not virtual, so you can't create a derived class and override the methods needed, but the good news is that the class is pretty simple - just maybe 100-200 lines of code in total, and using Reflector you could quickly create your own custom FormsAuthenticationModule class. If you go this route (which I wouldn't recommend), all that you'd need to do would be to take out the code in the OnLeave method that tacks on the ReturnUrl parameter. (In addition to modifying this class you'd also need to configure your Web.config file so that your application uses your custom FormsAuthenticationModule class rather than the one in the .NET Framework.)
Happy Programming!
Scott Mitchell
2010-09-15 22:57:43