I have an HTML page that requires the "SuperAdmin" role in order to access it. Here is my web.config, and all works well:

    ....
    <handlers>
      <add name="HTMLHandler" type="System.Web.StaticFileHandler" path="*.html" verb="GET" />
    </handlers>
    ....
    <location path="app/html/_superAdmin/Dashboards.html">
      <system.web>
        <authorization>
          <allow roles="SuperAdmin" />
          <deny users="*" />
        </authorization>
      </system.web>
    </location>

The problem is the url string when the user is sent to login:

http://localhost:50138/Account/Login?ReturnUrl=%2Fapp%2Fhtml%2F_superAdmin%2FDashboards.html

I do not want the user to see "ReturnUrl=%2Fapp%2Fhtml%2F_superAdmin%2FDashboards.html".

How can I remove this querystring when the user is redirected to the login page?

  • Check [this post](http://stackoverflow.com/questions/3716153/how-to-remove-returnurl-from-url). There are several ways to remove the returnurl querystring in the answers, although none of them is a 5-minute fix. If there isn't any specific security reason, I don't see too much benefit in removing the querystring compared to the work that needs to be done. Are you simply willing to avoid the behavior where the user gets redirected to the attempted page instead of your login page? – tweray Apr 25 '14 at 18:49

1 Answer

Unless anyone can come up with something more elegant, this worked:

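    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;

        // returnUrl is null when the login page is requested directly, so
        // test for that instead of swallowing the resulting exception.
        if (returnUrl != null && returnUrl.Contains("_superAdmin"))
        {
            // Redirect to the bare login URL, which drops the ReturnUrl query string.
            return RedirectToAction("Login", "Account", new { area = "" });
        }

        return View();
    }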
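
A variant that hides the query string for every protected path, not only `_superAdmin`, while still returning the user to the requested page after sign-in. This is an added example, not part of the original answer. It assumes ASP.NET MVC 5 with the default session-backed TempData provider; the `PendingReturnUrl` key, the `RedirectAfterLogin` helper and the `Home/Index` fallback are hypothetical names.

```csharp
using System.Web.Mvc;

public class AccountController : Controller
{
    // Hypothetical TempData key, chosen for this example.
    private const string ReturnUrlKey = "PendingReturnUrl";

    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        if (!string.IsNullOrEmpty(returnUrl))
        {
            // Store only same-site targets; anything else is dropped so the
            // login flow cannot be used as an open redirect.
            if (Url.IsLocalUrl(returnUrl))
            {
                TempData[ReturnUrlKey] = returnUrl;
            }

            // The second request arrives with no query string at all.
            return RedirectToAction("Login", "Account", new { area = "" });
        }

        // The TempData entry is not read here, so it survives until
        // RedirectAfterLogin consumes it.
        return View();
    }

    // Call this from the POST login action once the credentials check out.
    private ActionResult RedirectAfterLogin()
    {
        var target = TempData[ReturnUrlKey] as string;

        // Re-validate on the way out; fall back to the home page
        // (Home/Index is assumed to exist, as in the default MVC template).
        if (!string.IsNullOrEmpty(target) && Url.IsLocalUrl(target))
        {
            return Redirect(target);
        }
        return RedirectToAction("Index", "Home");
    }
}
```

With this approach the login form no longer needs to carry the return URL in a hidden field or route value, since the target lives server-side until it is consumed.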