I want to remove "returnurl=/blabla" from address bar when a user want to access to a login required page. Because I'm trying to redirect the user to a static page after login to do some selections.
How can I do that?
I want to remove "returnurl=/blabla" from address bar when a user want to access to a login required page. Because I'm trying to redirect the user to a static page after login to do some selections.
How can I do that?
This is the nature of Forms Authentication. (which im guessing you're using).
That is, when you access a page which requires authentication, ASP.NET will redirect you to the login page, passing in the ReturnUrl as a parameter so you can be returned to the page you came from post-login.
To remove this functionality would break the semantics and design of Forms Authentication itself. (IMO)
My suggestion - if you dont need it, dont use it.
I'm trying to redirect the user to a static page after login to do some selections.
Piece of cake - after you've done your login, instead of doing FormsAuthentication.RedirectFromLoginPage (which uses that very ReturnUrl QueryString parameter), just use FormsAuthentication.SetAuthCookie and redirect wherever you want.
Add this to your Global.asax file.
public class MvcApplication : HttpApplication {
private const String ReturnUrlRegexPattern = @"\?ReturnUrl=.*$";
public MvcApplication() {
PreSendRequestHeaders += MvcApplicationOnPreSendRequestHeaders;
}
private void MvcApplicationOnPreSendRequestHeaders( object sender, EventArgs e ) {
String redirectUrl = Response.RedirectLocation;
if ( String.IsNullOrEmpty(redirectUrl)
|| !Regex.IsMatch( redirectUrl, ReturnUrlRegexPattern ) ) {
return;
}
Response.RedirectLocation = Regex.Replace( redirectUrl,
ReturnUrlRegexPattern,
String.Empty );
}
Create a custom Authorize Attribute
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
public override void OnAuthorization(
AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
string loginUrl = "/"; // Default Login Url
filterContext.Result = new RedirectResult(loginUrl);
}
}
}
then use it on your controller
[CustomAuthorizeAttribute]
public ActionResult Login()
{
return View();
}
Simple...
[AllowAnonymous]
public ActionResult Login() { return View(); }
[AllowAnonymous]
public ActionResult LoginRedirect(){ return RedirectToAction("Login"); }
Webconfig
<authentication mode="Forms">
<forms loginUrl="~/Account/LoginRedirect" timeout="2880" />
</authentication>
As RPM1984 pointed out, you don't have to redirect the user to the specified URL after signing in.
If it is imperative that you remove the ReturnUrl
querystring parameter there are a couple options. Probably the easiest is in your login web page / controller you'd check for the existence of a ReturnUrl
parameter in the Request.QueryStrings
collection. If it exists, you could do a redirect back to the login page, but without the ReturnUrl
.
Another option would be to create a custom implementation for the FormsAuthenticationModule
, which is the class that handles authenticating a user based on their form authentication ticket and is responsible for redirecting unauthorized users to the login page. Unfortunately, the FormsAuthenticationModule
class's methods are not virtual, so you can't create a derived class and override the methods needed, but the good news is that the class is pretty simple - just maybe 100-200 lines of code in total, and using Reflector you could quickly create your own custom FormsAuthenticationModule
class. If you go this route (which I wouldn't recommend), all that you'd need to do would be to take out the code in the OnLeave
method that tacks on the ReturnUrl
parameter. (In addition to modifying this class you'd also need to configure your Web.config file so that your application uses your custom FormsAuthenticationModule
class rather than the one in the .NET Framework.)
Happy Programming!
Add a location tag to your web.config
. If your page is in a subdirectory, add the web.config
to the subdirectory.
<location path="ForgotPassword.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
ASP will overlook adding the ReturnUrl
querystring and directing to login.
if you are using asp.net control loginstatus then click on login status control press f4( for properties) under behavior section we can see LogOutAction there select Return to Login page.
Note: In order to implement it successfully you must have a login page with name login.aspx
If you want to remove returnURL from request and redirect to specific path, you can follow this steps.
Firstly get the current context, verify if the user is authenticated and finally redirect the current path.
HttpContext context = HttpContext.Current;
//verify if the user is not authenticated
if (!context.User.Identity.IsAuthenticated)
{
//verify if the URL contains ReturnUrl
if (context.Request.Url.ToString().Contains("ReturnUrl"))
{
//redirect the current path
HttpContext.Current.Response.Redirect("~/login.aspx");
}
}
I put this code into Page_Load method from my class Login.aspx.cs
You can use the HttpUtility.ParseQueryString to remove that element. If you use VB.NET then this code does this
Dim nvcQuery As NameValueCollection
Dim strQuery As String = ""
If Not IsNothing(Request.QueryString("ReturnUrl")) Then
If Request.QueryString("ReturnUrl").Length Then
nvcQuery = HttpUtility.ParseQueryString(Request.QueryString.ToString)
For Each strKey As String In nvcQuery.AllKeys
If strKey <> "ReturnUrl" Then
If strQuery.Length Then strQuery += "&"
strQuery += strKey + "=" + nvcQuery(strKey)
End If
Next
If strQuery.Length Then strQuery = "?" + strQuery
If Request.CurrentExecutionFilePath <> "/default.aspx" Then
Response.Redirect(Request.CurrentExecutionFilePath + strQuery)
Else
Response.Redirect("/" + strQuery)
End If
Response.Write(Server.HtmlEncode(strQuery))
End If
End If
I would put this in the Page.Init event - obviously you will need to change the "/default.aspx" to match the URL of your login page.
void Application_BeginRequest(object s, EventArgs e)
{
// ................
// strip return Return Url
if (!string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]) && Request.Path.IndexOf("login.aspx")!=-1)
System.Web.HttpContext.Current.Response.Redirect("~/login.aspx");