FormsAuthentication And Query String Parameteres

Today I ran into this strange"feature" of ASP.NET:

When redirecting to the login page, the query string parameters are encoded with the requested URL into the ReturnUrl query string parameter of the request to the login page, but are also in the query string of the request to the login page.

Here is an example:

When requesting:

http://localhost:5014/FormsAuthentication/default.aspx?test=true

we are redirected to:

http://localhost:5014/FormsAuthentication/login.aspx?ReturnUrl=%2fFormsAuthentication%2fdefault.aspx%3ftest%3dtrue&test=true

See the test parameter?

As far as I know, this is not documented or overridable.

Published Friday, February 15, 2008 12:40 AM by Paulo Morgado
Filed under: , , ,

Comments

Friday, February 15, 2008 1:10 AM by Pages tagged "msdn"

# Pages tagged "msdn"

Pingback from  Pages tagged "msdn"

Friday, February 15, 2008 3:36 AM by Paulo Morgado

# re: FormsAuthentication And Query String Parameteres

Here is more info on this:

blogs.msdn.com/.../anatomy-of-forms-authentication-return-url.aspx

Thanks to Raj.

Leave a Comment

(required) 
(required) 
(optional)
(required)