10

Using this method after the SignOut() call redirects to '...login.aspx?ReturnUrl=%2fmydomainname%2flogout.aspx' so that the user can't log back in again, since a successful login returns to the logout page. The login page is set in webconfig and the app successfully gets that page. Why would a ReturnURL be stuck on the tail of the URL?

Greg
  • 16,540
  • 9
  • 51
  • 97
Greg
  • 125
  • 1
  • 5

3 Answers3

17

This is how RedirectFromLoginPage works. It appends the current URL to the query string of the login page. This way, the login page can redirect the user back to the place he where.

If you don't want this to happen, you can manually redirect to the login page using Response.Redirect.

Mehrdad Afshari
  • 414,610
  • 91
  • 852
  • 789
  • 3
    To mimic FormsAuthentication behaviour without having ReturnUrl, call `Response.Redirect(FormsAuthentication.LoginUrl, false);` – Frédéric May 22 '13 at 13:17
  • 3
    And add after that a call to `HttpContext.Current.ApplicationInstance.CompleteRequest()` – Frédéric May 22 '13 at 13:44
  • Apparently the best practice would be to never use FormsAuthentication.RedirectToLogin() from within a Logout page that logs the user out. Further, there is a recommended sequence of methods to call in a logout page that ensures that all FormsAuthentication artifacts are cleared - See http://stackoverflow.com/questions/412300/formsauthentication-signout-does-not-log-the-user-out – qxotk Jul 27 '16 at 22:15
1

use this code on logout

<asp:LoginStatus ID="LoginStatus1" runat="server" LogoutPageUrl="/xyz.aspx" LogoutAction="Redirect" />
dana
  • 17,267
  • 6
  • 64
  • 88
imran
  • 11
  • 1
  • Could you please [edit] in an explanation of why this code answers the question? Code-only answers are [discouraged](http://meta.stackexchange.com/q/148272/274165), because they don't teach the solution. (This post was flagged by at least one user, presumably because they thought an answer without explanation should be deleted.) – Nathan Tuggy Jun 19 '15 at 00:20
0

Not sure if this helps, but according to the docs there is also an overloaded FormsAuthentication.RedirectToLoginPage Method which takes a string and "redirects the browser to the login URL with the specified query string".

See http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.redirecttologinpage.aspx

jamesfm
  • 869
  • 1
  • 9
  • 17