Josh Close Josh Close - 4 months ago 50
ASP.NET (C#) Question

FormsAuthentication.GetRedirectUrl Always Returns the Default

I have an ASP.NET MVC app and am using Forms auth. When going to a page that requires authentication, meaning there is an [Authorize] attribute on the controller action, it redirects the user to the login page with a return url like

http://localhost/Login?ReturnUrl=/MyAuthorizedUrl
.

This is how my config is setup:

<authentication mode="Forms">
<forms loginUrl="~/Login" timeout="2880" defaultUrl="~/" />
</authentication>


This is how I'm getting the redirect url:

var url = FormsAuthentication.GetRedirectUrl( model.Email, model.RememberMe );


This always returns the default url.

What is causing this?

Answer

I assume you would like to get "MyAuthorizedUrl" as the result of FormsAuthentication.GetRedirectUrl?

You'll need to insert a hidden input field that mirrors ReturnUrl=/MyAuthorizedUrl, e.g. name="ReturnUrl" value="/MyAuthorizedUrl".

The reason is that the login page is requested via GET with the ReturnUrl, but the POST goes to /Login (without any parameters).

Alternatively change the form action attribute to include the ReturnUrl parameter.