4

When you use ASP.NET's Form Authentication, a query string key would be passed to login page, which is named "ReturnUrl".

For example, if you're not logged in already and you want to see a secure page like http://www.example.com/securepage.aspx, you would be redirected to:

http://www.example.com/login.aspx?ReturnUrl=securepage.aspx

(Or something like that, I'm not pretty sure about ReturnUrl value).

Now, Is there a way to change this ReturnUrl name, to something like path for example? Do we have a kind of configuration in web.config for that?

Saeed Neamati
  • 35,341
  • 41
  • 136
  • 188
  • Not to be rude but is there any specific reason why you'd want to change this? – Kane Sep 28 '11 at 10:28
  • 1
    This question was asked in an ASP.NET MVC context, but the answers all apply - http://stackoverflow.com/questions/6970126/how-can-i-change-the-name-of-the-returnurl-parameter-used-by-asp-net-mvc . You would need to implement Routing to make use of the Accepted workaround there though. – Kasaku Sep 28 '11 at 10:33
  • 1
    Yeah, for 3 reasons: 1) Knowing more about ASP.NET, 2) This key is really ugly, and I do care about the beauty of my URLs, 3) Just want to use this key in other places (SSO) and need to make'em read from a single repository – Saeed Neamati Sep 28 '11 at 10:34

5 Answers5

6

Add this key to the appSettings section of your web.config

<add key="aspnet:FormsAuthReturnUrlVar" value="path" />
Fabian Vilers
  • 2,892
  • 2
  • 24
  • 30
  • This changes the URL to use after login, not the query string passed to the login page: https://msdn.microsoft.com/en-us/library/hh975440(v=vs.120).aspx – nickwesselman Nov 23 '15 at 23:07
4

Probably in the easy way you can't do this, because it's hardcoded constant inside of System.Web assembly:

internal static string GetReturnUrl(bool useDefaultIfAbsent)
{
  FormsAuthentication.Initialize();
  HttpContext current = HttpContext.Current;
  string str = current.Request.QueryString["ReturnUrl"];
  // ....
}

But probably you can use some Url rewriting.

Also, check this post on SO: rewrite url. asp.net c#

Community
  • 1
  • 1
Samich
  • 29,157
  • 6
  • 68
  • 77
1

The FormsAuthentication class is sealed which means you cannot inherit and override from it. Also, it is hard coded to read the request["RETURNURL"] query string parameter.

Why would you want to?

Matthew Abbott
  • 60,571
  • 9
  • 104
  • 129
0

I just want to provide reason why we need to change this parameter name (web form scenario):

I also need to change the "ReturnUrl" for mocking up authentication when creating plugin for umbraco.

umbraco is using membership api and their login.aspx is using "redir" instead of "ReturnUrl", in order to make my solution as small as possible and as independent as possible from umbraco, I need to mock up the workflow for authentication.

Since I cannot change this parameter name, well.... I'll have to readjust.

kite
  • 1,478
  • 1
  • 15
  • 27
0

Of course you can change it. Just add a Global.asax to your project and change the Response.RedirectLocation property during the Application_EndRequest event.

DaveShaw
  • 52,123
  • 16
  • 112
  • 141
Wade
  • 44
  • 1