How do I keep my Login.aspx page's ReturnUrl parameter from overriding my ASP.NET Login control's DestinationPageUrl property?
09-06-2019
Question
I'm using the ASP.NET Login Controls and Forms Authentication for membership/credentials for an ASP.NET web application. I've got pages such as PasswordRecovery.aspx that are accessible to only Anonymous users. When I click my login link from such a page, the login page has a ReturnUrl parameter in the address bar:
http://www.example.com/Login.aspx?ReturnUrl=PasswordRecovery.aspx
And then after a successful login, users are returned to the PasswordRecovery.aspx page specified in the ReturnUrl parameter to which they no longer have access.
Solution
I found the answer on Velocity Reviews. I handled the LoggedIn event to force a redirection to the DestinationPageUrl page.
    Public Partial Class Login
        Inherits System.Web.UI.Page

        Protected Sub Login1_LoggedIn(ByVal sender As Object, _
                ByVal e As System.EventArgs) Handles Login1.LoggedIn
            'overrides ReturnUrl page parameter
            Response.Redirect(Login1.DestinationPageUrl)
        End Sub
    End Class
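A variant of the handler above that still honours ReturnUrl for ordinary deep links and falls back to DestinationPageUrl only when ReturnUrl is missing, points off-site, or names an anonymous-only page. This is an added example, not part of the original answer; the AnonymousOnlyPages list, its Register.aspx entry and the IsSafeReturnUrl helper are assumptions made for illustration.

```vb
Imports System

Public Partial Class Login
    Inherits System.Web.UI.Page

    ' Assumption: pages only anonymous users may open (Register.aspx is a constructed entry)
    Private Shared ReadOnly AnonymousOnlyPages As String() = _
        New String() {"PasswordRecovery.aspx", "Register.aspx"}

    Protected Sub Login1_LoggedIn(ByVal sender As Object, _
            ByVal e As System.EventArgs) Handles Login1.LoggedIn
        Dim returnUrl As String = Request.QueryString("ReturnUrl")
        If IsSafeReturnUrl(returnUrl) Then
            Response.Redirect(returnUrl)
        Else
            ' Missing, off-site or anonymous-only target: use the control's default
            Response.Redirect(Login1.DestinationPageUrl)
        End If
    End Sub

    ' Hypothetical helper: True only for a same-site path outside AnonymousOnlyPages
    Private Shared Function IsSafeReturnUrl(ByVal url As String) As Boolean
        If String.IsNullOrEmpty(url) Then Return False
        ' Browsers may strip control characters, which changes where the URL points
        For Each ch As Char In url
            If Char.IsControl(ch) Then Return False
        Next
        Dim path As String = url.Split("?"c, "#"c)(0)
        ' Reject empty, absolute ("http://host/"), scheme-relative ("//host") and backslash forms
        If path.Length = 0 OrElse path.Contains(":") OrElse path.Contains("\") _
                OrElse path.StartsWith("//", StringComparison.Ordinal) Then
            Return False
        End If
        ' Compare every path segment so "PasswordRecovery.aspx/extra" is caught as well
        For Each segment As String In path.Split("/"c)
            For Each blocked As String In AnonymousOnlyPages
                If String.Equals(segment, blocked, StringComparison.OrdinalIgnoreCase) Then
                    Return False
                End If
            Next
        Next
        Return True
    End Function
End Class
```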
Licensed under: CC-BY-SA with attribution