Go Back   Velocity Reviews > Newsgroups > ASP Net
Forms Authentication duplicating querystring parameters Forms Authentication duplicating querystring parameters
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

ASP Net - Forms Authentication duplicating querystring parameters
 
Thread Tools Search this Thread
Old 11-10-2006, 07:45 PM   #1
Default Forms Authentication duplicating querystring parameters


Hello all,

I'm having a problem using the ReturnUrl parameter while using
FormsAuthentication. If I already have some querystring parameters in
the url like this.

NonSecurePage.aspx?param1=value1&param2=value2

I now click a link to a secure page and I get redirected by
FormsAuthentication to the login page and I get this.

Login.aspx?ReturnUrl=/NonSecurePage.aspx?param1=value1&param2=value2&par am1=value1&param2=value2

Where this causes the first problem is in my BasePage class where I
have the following public properties.

public string Param1
{
get { this.param1 = this.Request.QueryString["param1"]; }
}

public string Param2
{
get { this.param2 = this.Request.QueryString["param2"]; }
}

With the duplicate parameters in the querystring the returned value for
each of the above variables is duplicated with a comma between the
values. This is very annoying at the least to deal with and in some
cases really causes problems.

The second problem that happens with this is that the value returned
from Request.QueryString["ReturnUrl"] looks like this.

NonSecurePage.aspx?param1=value1

So when the redirect is done the second parameter is missing.

Does anyone have any experience with this and how I might fix it? I
have done quite a bit of searching the web for solutions and haven't
found anyone else with this problem.

What do I do?



mohaaron@gmail.com
  Reply With Quote
Old 08-20-2008, 07:23 PM   #2
ytkaczyk
Junior Member
 
Join Date: Aug 2008
Posts: 2
Default Same problem
I have the same issue. Have you found a solution?

Thank you,

Yves


ytkaczyk
ytkaczyk is offline   Reply With Quote
Old 08-20-2008, 08:28 PM   #3
ytkaczyk
Junior Member
 
Join Date: Aug 2008
Posts: 2
Default Solution to the issue
I found a fix to the issue at:
http://knowledgebaseworld.blogspot.c...erystring.html
I tweaked the code slightly as:


Code:
 private const string kReturnUrl = "ReturnUrl";
  void Application_EndRequest(Object sender, EventArgs e)
  {
       if (null!=Response.RedirectLocation && Response.RedirectLocation.Contains(kReturnUrl))
    { 
      Response.RedirectLocation = 
        string.Format(
          "{0}{2}={1}",
          Response.RedirectLocation.Remove(Response.RedirectLocation.IndexOf(kReturnUrl)),
          Microsoft.Security.Application.AntiXss.UrlEncode(
            Request.RawUrl.Contains(kReturnUrl)?
            Request.RawUrl.Substring(Request.RawUrl.IndexOf(kReturnUrl) + kReturnUrl.Length+1):
            Request.RawUrl),
          kReturnUrl); 
    }
  }

If you are not using the Microsoft AntiXss library, you can use the plain Asp.Net UrlEncode.

Regards,

Yves


ytkaczyk
ytkaczyk is offline   Reply With Quote
Reply

« How to set commandTimeout for ObjectDataSource (ASP.NET 2.0)? | Re: performance problems ASP.NET »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Contact Us - - Archive - Privacy Statement - Top


SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46