简体   繁体   中英

C# ASP.Net MVC: RedirectFromLoginPage always goes to default url, and not to returnurl

I have an MVC4 application with Membership logon (through FormsAuthentication).

This is defined in web.config as follows. My default url is home root (~/):

<roleManager enabled="true" />
<authentication mode="Forms">
  <forms defaultUrl="~" loginUrl="~/Account" />
</authentication>

In my AccountController in the Login post method, following code is relevant. This code is executed when the user clicks on the login with valid credentials.

if (Membership.ValidateUser(creds.Username, creds.Password))
{
    FormsAuthentication.RedirectFromLoginPage(creds.Username, false);
    return null;
}

Now, if I'm navigating (anonymously) to: ~/Admin, I get redirected to ~/Account to log in, which is perfect. I can see that the url is formed as follows:

http://localhost:23759/Account?ReturnUrl=%2fAdmin

But, when I succesfully login, I get redirected to home (~/) instead of ~/Admin

Please help! Many thanks!

Edit: Found the actual issue: it was the post method that wasn't receiving the querystring

I found the solution! Thanks to FlopScientist, who got me thinking further.

It was indeed because I was doing a POST method , which did not take the QueryString from the GET into account.

First I had this in my View:

@using (Html.BeginForm("Index", "Account")
{
    <div class="LoginBox">
    //Etc...
    </div>
}

I have updated it to following:

@using (Html.BeginForm("Index", "Account", new { ReturnUrl = Request.QueryString["ReturnUrl"] }, FormMethod.Post))
{
    //Etc...
}

Now I can actually see a querystring in my debug and I do get a correct redirect!

There doesn't seems any issue with your Return URL: [ %2f is / ] localhost:23759/Account?ReturnUrl=%2fAdmin

So, what remains is to do some checks as to what is causing such behaviour.

1.) Are you sure that the return page as specified in the return url:

localhost...?ReturnUrl=%2fAdmin

actually exists and your user has access to it?Here Admin is a folder, so you must have a page default.aspx inside this folder. If it does not exists, RedirectFromLoginPage by default will send you to DefaultURL .

2.) Also, Try using FormsAuthentication.GetRedirectUrl() method to see what happens.

if (Membership.ValidateUser(creds.Username, creds.Password))
{
    Response.Redirect(FormsAuthentication.GetRedirectUrl(username, false));
}

3.) OR does this works ? [ Recommended for debug purposes ]

if (!string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
{
    Response.Redirect("~/Admin");
}

Lastly make sure there are NO such code lines redirecting user to other pages/DefaultURL.

It probably because that path is not detected as same app path:

By default, the ReturnUrl variable must refer to a page within the current application. If ReturnUrl refers to a page in a different application or on a different server, the RedirectFromLoginPage method redirects to the URL in the DefaultUrl property. If you want to allow redirects to a page outside the current application, you must set the EnableCrossAppRedirects property to true using the enableCrossAppRedirects attribute of the forms configuration element.

from: http://msdn.microsoft.com/en-US/library/1f5z1yty.aspx

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM