I want to remove “returnurl=/blabla” from address bar when a user want to access to a login required page. Because I’m trying to redirect the user to a static page after login to do some selections.
How can I do that?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
This is the nature of Forms Authentication. (which im guessing you’re using).
That is, when you access a page which requires authentication, ASP.NET will redirect you to the login page, passing in the ReturnUrl as a parameter so you can be returned to the page you came from post-login.
To remove this functionality would break the semantics and design of Forms Authentication itself. (IMO)
My suggestion – if you dont need it, dont use it.
I’m trying to redirect the user to a
static page after login to do some
selections.
Piece of cake – after you’ve done your login, instead of doing FormsAuthentication.RedirectFromLoginPage (which uses that very ReturnUrl QueryString parameter), just use FormsAuthentication.SetAuthCookie and redirect wherever you want.
Method 2
Add this to your Global.asax file.
public class MvcApplication : HttpApplication {
private const String ReturnUrlRegexPattern = @"?ReturnUrl=.*$";
public MvcApplication() {
PreSendRequestHeaders += MvcApplicationOnPreSendRequestHeaders;
}
private void MvcApplicationOnPreSendRequestHeaders( object sender, EventArgs e ) {
String redirectUrl = Response.RedirectLocation;
if ( String.IsNullOrEmpty(redirectUrl)
|| !Regex.IsMatch( redirectUrl, ReturnUrlRegexPattern ) ) {
return;
}
Response.RedirectLocation = Regex.Replace( redirectUrl,
ReturnUrlRegexPattern,
String.Empty );
}
Method 3
Create a custom Authorize Attribute
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
public override void OnAuthorization(
AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
string loginUrl = "/"; // Default Login Url
filterContext.Result = new RedirectResult(loginUrl);
}
}
}
then use it on your controller
[CustomAuthorizeAttribute]
public ActionResult Login()
{
return View();
}
Method 4
Simple…
[AllowAnonymous]
public ActionResult Login() { return View(); }
[AllowAnonymous]
public ActionResult LoginRedirect(){ return RedirectToAction("Login"); }
Webconfig
<authentication mode="Forms">
<forms loginUrl="~/Account/LoginRedirect" timeout="2880" />
</authentication>
Method 5
As RPM1984 pointed out, you don’t have to redirect the user to the specified URL after signing in.
If it is imperative that you remove the ReturnUrl querystring parameter there are a couple options. Probably the easiest is in your login web page / controller you’d check for the existence of a ReturnUrl parameter in the Request.QueryStrings collection. If it exists, you could do a redirect back to the login page, but without the ReturnUrl.
Another option would be to create a custom implementation for the FormsAuthenticationModule, which is the class that handles authenticating a user based on their form authentication ticket and is responsible for redirecting unauthorized users to the login page. Unfortunately, the FormsAuthenticationModule class’s methods are not virtual, so you can’t create a derived class and override the methods needed, but the good news is that the class is pretty simple – just maybe 100-200 lines of code in total, and using Reflector you could quickly create your own custom FormsAuthenticationModule class. If you go this route (which I wouldn’t recommend), all that you’d need to do would be to take out the code in the OnLeave method that tacks on the ReturnUrl parameter. (In addition to modifying this class you’d also need to configure your Web.config file so that your application uses your custom FormsAuthenticationModule class rather than the one in the .NET Framework.)
Happy Programming!
Method 6
Add a location tag to your web.config. If your page is in a subdirectory, add the web.config to the subdirectory.
<location path="ForgotPassword.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
ASP will overlook adding the ReturnUrl querystring and directing to login.
Method 7
if you are using asp.net control loginstatus then click on login status control press f4( for properties) under behavior section we can see LogOutAction there select Return to Login page.
Note: In order to implement it successfully you must have a login page with name login.aspx
Method 8
If you want to remove returnURL from request and redirect to specific path, you can follow this steps.
Firstly get the current context, verify if the user is authenticated and finally redirect the current path.
HttpContext context = HttpContext.Current;
//verify if the user is not authenticated
if (!context.User.Identity.IsAuthenticated)
{
//verify if the URL contains ReturnUrl
if (context.Request.Url.ToString().Contains("ReturnUrl"))
{
//redirect the current path
HttpContext.Current.Response.Redirect("~/login.aspx");
}
}
I put this code into Page_Load method from my class Login.aspx.cs
Method 9
You can use the HttpUtility.ParseQueryString to remove that element. If you use VB.NET then this code does this
Dim nvcQuery As NameValueCollection
Dim strQuery As String = ""
If Not IsNothing(Request.QueryString("ReturnUrl")) Then
If Request.QueryString("ReturnUrl").Length Then
nvcQuery = HttpUtility.ParseQueryString(Request.QueryString.ToString)
For Each strKey As String In nvcQuery.AllKeys
If strKey <> "ReturnUrl" Then
If strQuery.Length Then strQuery += "&"
strQuery += strKey + "=" + nvcQuery(strKey)
End If
Next
If strQuery.Length Then strQuery = "?" + strQuery
If Request.CurrentExecutionFilePath <> "/default.aspx" Then
Response.Redirect(Request.CurrentExecutionFilePath + strQuery)
Else
Response.Redirect("/" + strQuery)
End If
Response.Write(Server.HtmlEncode(strQuery))
End If
End If
I would put this in the Page.Init event – obviously you will need to change the “/default.aspx” to match the URL of your login page.
Method 10
void Application_BeginRequest(object s, EventArgs e)
{
// ................
// strip return Return Url
if (!string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]) && Request.Path.IndexOf("login.aspx")!=-1)
System.Web.HttpContext.Current.Response.Redirect("~/login.aspx");
Method 11
In the loginUrl of the forms authentication configuration element use a proxy target such as “relogin.aspx”.
When this “relogin.aspx” page is loaded, redirect to “login.aspx” without supplying the ReturnUrl in the query string.
Now the “login.aspx” page won’t have the ReturnUrl in the address. ta-da!
If the return URL value is required for a post-login action you’ll need to find another way to pass it to the real login page.
Use FormsAuthentication.SetAuthCookie after authentication (instead of RedirectFromLoginPage which would use the returnUrl configuration) and explicitly redirect as relevant.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0
