I'm actually using ASP.Net MVC, but I think this applicable to ASP.Net as well.
Investigating how authorization works I've reached the conclusion that ASP.Net MVC generates an HttpUnauthorizedResult when the user is not authorized and should be. And then ASP.Net reads from my Web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880"/>
</authentication>
and generates the actual URL and redirect result. Or phrased in another way: Is it correct to say that the ASP.Net MVC application never generates the redirect URL?
My problem is that I want to add some stuff to the redirect URL but the only thing it seems I could do is catch the HttpUnauthorizedResult and generate the whole URL redirection from scratch. Maybe there's a method in ASP.Net that would give me the redirect based on my config file so that I don't have to read the config file myself?