0

When I use:

FormsAuthentication.SignOut()
FormsAuthentication.RedirectToLoginPage()

The URL will show a ReturnUrl string, is this normal? Is there a way to prevent this?

I could just use a response.redirect, but was wondering why it shows the Return URL also.

Thanks

  • it's normal and it that way because if you redirect to the login page it's because you need log in and once you are logged the app redirect you to the initial page that send you to the log in page – Zach dev Aug 12 '13 at 15:26
  • check out the answer here: http://stackoverflow.com/questions/3716153/how-to-remove-returnurl-from-url – lhan Aug 12 '13 at 15:27

2 Answers2

1

This is used when a user requests a secure url, they are then redirected back to this page after authenticating.

Take a look at this resource, very useful. Forms Authentication

As for removing this part of the URL, I don't think this is possible (but I haven't looked into it since it's a useful feature). You often get links to things such as news articles. You don't mind re-authenticating, but if you were to then just go to a random home page, that would be annoying, the desired action would be to have the site automatically redirect to the page you initially requested.

Edit: Another reason besides a direct link that you need to authenticate for, could be a scenario where you're reading a multi-page article, you click next page and the session has expired. You're taken back to the login page, authenticate and then return to the page you were reading. It would be undesirable to return to the homepage for you to search for that article again.

Christian Phillips
  • 18,399
  • 8
  • 53
  • 82
0

The FormsAuthentication.RedirectToLoginPage() documentation states that this method is for when you want to redirect the user to the login page, for example if a user logs out and wants to log back in as somebody else.

The returnurl is so that they are returned to the page they started on after a successful login.

It sounds like if you want them to go to the home page or some other url then you shouldn't use FormsAuthentication.RedirectToLoginPage() here. A response.redirect would be a fine alternative in my view.

To answer your question, it doesn't seem that there is a way to disable the ReturnUrl and still use FormsAuthentication.RedirectToLoginPage().

rtpHarry
  • 13,019
  • 4
  • 43
  • 64
  • That makes sense, I understood the reason for the ReturnURL and its uses. Just didn't understand why a user would want to log out assuming that a different user would possibly log in but then return to another user's previous page. –  Aug 12 '13 at 15:34
  • @Jrags87, what do you mean by another users previous page? – Christian Phillips Aug 12 '13 at 16:13
  • I guess I don't quite understand why you would want to call a Redirect to log in page, only so they can be brought back to the previous page they were visiting. –  Aug 12 '13 at 16:25
  • @Jrags87, I've given an explanation in my answer, too much to type here. – Christian Phillips Aug 12 '13 at 21:01