How do I keep my Login.aspx page's ReturnUrl parameter from overriding my ASP.NET Login control's DestinationPageUrl property?

StackOverflow https://stackoverflow.com/questions/33166

  •  09-06-2019
  •  | 
  •  

Question

I'm using the ASP.NET Login Controls and Forms Authentication for membership/credentials for an ASP.NET web application. I've got pages such as PasswordRecovery.aspx that are accessable to only Anonymous users. When I click my login link from such a page, the login page has a ReturnUrl parameter in the address bar:

http://www.example.com/Login.aspx?ReturnUrl=PasswordRecovery.aspx

And then after a successful login, users are returned to the PasswordRecovery.aspx page specified in the ReturnUrl parameter to which they no longer have access.

Was it helpful?

Solution

I found the answer on Velocity Reviews. I handled the LoggedIn event to force a redirection to the DestinationPageUrl page.

Public Partial Class Login
    Inherits System.Web.UI.Page

    Protected Sub Login1_LoggedIn(ByVal sender As Object, _  
            ByVal e As System.EventArgs) Handles Login1.LoggedIn
        'overrides ReturnUrl page parameter
        Response.Redirect(Login1.DestinationPageUrl)
    End Sub

End Class
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top