ASP.net forms authentication redirect to log in page issue

Question

When I use:

FormsAuthentication.SignOut()
FormsAuthentication.RedirectToLoginPage()

The URL will show a ReturnUrl string, is this normal? Is there a way to prevent this?

I could just use a response.redirect, but was wondering why it shows the Return URL also.

Thanks

Answer 1

This is used when a user requests a secure url, they are then redirected back to this page after authenticating.

Take a look at this resource, very useful. Forms Authentication

As for removing this part of the URL, I don't think this is possible (but I haven't looked into it since it's a useful feature). You often get links to things such as news articles. You don't mind re-authenticating, but if you were to then just go to a random home page, that would be annoying, the desired action would be to have the site automatically redirect to the page you initially requested.

Edit: Another reason besides a direct link that you need to authenticate for, could be a scenario where you're reading a multi-page article, you click next page and the session has expired. You're taken back to the login page, authenticate and then return to the page you were reading. It would be undesirable to return to the homepage for you to search for that article again.

Answer 2

The FormsAuthentication.RedirectToLoginPage() documentation states that this method is for when you want to redirect the user to the login page, for example if a user logs out and wants to log back in as somebody else.

The returnurl is so that they are returned to the page they started on after a successful login.

It sounds like if you want them to go to the home page or some other url then you shouldn't use FormsAuthentication.RedirectToLoginPage() here. A response.redirect would be a fine alternative in my view.

To answer your question, it doesn't seem that there is a way to disable the ReturnUrl and still use FormsAuthentication.RedirectToLoginPage().