I want to remove \"returnurl=/blabla\" from address bar when a user want to access to a login required page. Because I\'m trying to redirect the user to a static page after
You can use the HttpUtility.ParseQueryString to remove that element. If you use VB.NET then this code does this
Dim nvcQuery As NameValueCollection
Dim strQuery As String = ""
If Not IsNothing(Request.QueryString("ReturnUrl")) Then
If Request.QueryString("ReturnUrl").Length Then
nvcQuery = HttpUtility.ParseQueryString(Request.QueryString.ToString)
For Each strKey As String In nvcQuery.AllKeys
If strKey <> "ReturnUrl" Then
If strQuery.Length Then strQuery += "&"
strQuery += strKey + "=" + nvcQuery(strKey)
End If
Next
If strQuery.Length Then strQuery = "?" + strQuery
If Request.CurrentExecutionFilePath <> "/default.aspx" Then
Response.Redirect(Request.CurrentExecutionFilePath + strQuery)
Else
Response.Redirect("/" + strQuery)
End If
Response.Write(Server.HtmlEncode(strQuery))
End If
End If
I would put this in the Page.Init event - obviously you will need to change the "/default.aspx" to match the URL of your login page.
Add a location tag to your web.config
. If your page is in a subdirectory, add the web.config
to the subdirectory.
<location path="ForgotPassword.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
ASP will overlook adding the ReturnUrl
querystring and directing to login.
Create a custom Authorize Attribute
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
public override void OnAuthorization(
AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
string loginUrl = "/"; // Default Login Url
filterContext.Result = new RedirectResult(loginUrl);
}
}
}
then use it on your controller
[CustomAuthorizeAttribute]
public ActionResult Login()
{
return View();
}
This is the nature of Forms Authentication. (which im guessing you're using).
That is, when you access a page which requires authentication, ASP.NET will redirect you to the login page, passing in the ReturnUrl as a parameter so you can be returned to the page you came from post-login.
To remove this functionality would break the semantics and design of Forms Authentication itself. (IMO)
My suggestion - if you dont need it, dont use it.
I'm trying to redirect the user to a static page after login to do some selections.
Piece of cake - after you've done your login, instead of doing FormsAuthentication.RedirectFromLoginPage (which uses that very ReturnUrl QueryString parameter), just use FormsAuthentication.SetAuthCookie and redirect wherever you want.
Simple...
[AllowAnonymous]
public ActionResult Login() { return View(); }
[AllowAnonymous]
public ActionResult LoginRedirect(){ return RedirectToAction("Login"); }
Webconfig
<authentication mode="Forms">
<forms loginUrl="~/Account/LoginRedirect" timeout="2880" />
</authentication>
Add this to your Global.asax file.
public class MvcApplication : HttpApplication {
private const String ReturnUrlRegexPattern = @"\?ReturnUrl=.*$";
public MvcApplication() {
PreSendRequestHeaders += MvcApplicationOnPreSendRequestHeaders;
}
private void MvcApplicationOnPreSendRequestHeaders( object sender, EventArgs e ) {
String redirectUrl = Response.RedirectLocation;
if ( String.IsNullOrEmpty(redirectUrl)
|| !Regex.IsMatch( redirectUrl, ReturnUrlRegexPattern ) ) {
return;
}
Response.RedirectLocation = Regex.Replace( redirectUrl,
ReturnUrlRegexPattern,
String.Empty );
}