C# ASP.Net MVC: RedirectFromLoginPage always goes to default url, and not to returnurl

c# asp.net asp.net-mvc-4 forms-authentication

15,579

Solution 1

I found the solution! Thanks to FlopScientist, who got me thinking further.

It was indeed because I was doing a POST method, which did not take the QueryString from the GET into account.

First I had this in my View:

@using (Html.BeginForm("Index", "Account")
{
    <div class="LoginBox">
    //Etc...
    </div>
}

I have updated it to following:

@using (Html.BeginForm("Index", "Account", new { ReturnUrl = Request.QueryString["ReturnUrl"] }, FormMethod.Post))
{
    //Etc...
}

Now I can actually see a querystring in my debug and I do get a correct redirect!

Solution 2

There doesn't seems any issue with your Return URL: [ %2f is / ] localhost:23759/Account?ReturnUrl=%2fAdmin

So, what remains is to do some checks as to what is causing such behaviour.

1.) Are you sure that the return page as specified in the return url:

localhost...?ReturnUrl=%2fAdmin

actually exists and your user has access to it?Here Admin is a folder, so you must have a page default.aspx inside this folder. If it does not exists, RedirectFromLoginPage by default will send you to DefaultURL.

2.) Also, Try using FormsAuthentication.GetRedirectUrl() method to see what happens.

if (Membership.ValidateUser(creds.Username, creds.Password))
{
    Response.Redirect(FormsAuthentication.GetRedirectUrl(username, false));
}

3.) OR does this works ? [ Recommended for debug purposes ]

if (!string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
{
    Response.Redirect("~/Admin");
}

Lastly make sure there are NO such code lines redirecting user to other pages/DefaultURL.

Solution 3

It probably because that path is not detected as same app path:

By default, the ReturnUrl variable must refer to a page within the current application. If ReturnUrl refers to a page in a different application or on a different server, the RedirectFromLoginPage method redirects to the URL in the DefaultUrl property. If you want to allow redirects to a page outside the current application, you must set the EnableCrossAppRedirects property to true using the enableCrossAppRedirects attribute of the forms configuration element.

from: http://msdn.microsoft.com/en-US/library/1f5z1yty.aspx

15,579

Author by

Recipe

Updated on June 04, 2022

Comments

Recipe almost 2 years
I have an MVC4 application with Membership logon (through FormsAuthentication).

This is defined in web.config as follows. My default url is home root (~/):
```
<roleManager enabled="true" />
<authentication mode="Forms">
  <forms defaultUrl="~" loginUrl="~/Account" />
</authentication>
```
In my AccountController in the Login post method, following code is relevant. This code is executed when the user clicks on the login with valid credentials.
```
if (Membership.ValidateUser(creds.Username, creds.Password))
{
    FormsAuthentication.RedirectFromLoginPage(creds.Username, false);
    return null;
}
```
Now, if I'm navigating (anonymously) to: ~/Admin, I get redirected to ~/Account to log in, which is perfect. I can see that the url is formed as follows:
```
http://localhost:23759/Account?ReturnUrl=%2fAdmin
```
But, when I succesfully login, I get redirected to home (~/) instead of ~/Admin

Please help! Many thanks!

Edit: Found the actual issue: it was the post method that wasn't receiving the querystring
Recipe over 10 years

I have updated my question with my findings to get better formatting.
Recipe over 10 years

Thanks for your suggestion. As stated in my question (updated), there seems to be something wrong with the querystring...
R.C over 10 years

Glad to know I helped you