Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Forms Authentication duplicating querystring parameters

Thread Tools

Forms Authentication duplicating querystring parameters
Posts: n/a
Hello all,

I'm having a problem using the ReturnUrl parameter while using
FormsAuthentication. If I already have some querystring parameters in
the url like this.


I now click a link to a secure page and I get redirected by
FormsAuthentication to the login page and I get this.

Login.aspx?ReturnUrl=/NonSecurePage.aspx?param1=value1&param2=value2&par am1=value1&param2=value2

Where this causes the first problem is in my BasePage class where I
have the following public properties.

public string Param1
get { this.param1 = this.Request.QueryString["param1"]; }

public string Param2
get { this.param2 = this.Request.QueryString["param2"]; }

With the duplicate parameters in the querystring the returned value for
each of the above variables is duplicated with a comma between the
values. This is very annoying at the least to deal with and in some
cases really causes problems.

The second problem that happens with this is that the value returned
from Request.QueryString["ReturnUrl"] looks like this.


So when the redirect is done the second parameter is missing.

Does anyone have any experience with this and how I might fix it? I
have done quite a bit of searching the web for solutions and haven't
found anyone else with this problem.

What do I do?

Reply With Quote
ytkaczyk ytkaczyk is offline
Junior Member
Join Date: Aug 2008
Posts: 2
I have the same issue. Have you found a solution?

Thank you,

Reply With Quote
ytkaczyk ytkaczyk is offline
Junior Member
Join Date: Aug 2008
Posts: 2
I found a fix to the issue at:
I tweaked the code slightly as:

 private const string kReturnUrl = "ReturnUrl";
  void Application_EndRequest(Object sender, EventArgs e)
       if (null!=Response.RedirectLocation && Response.RedirectLocation.Contains(kReturnUrl))
      Response.RedirectLocation = 
            Request.RawUrl.Substring(Request.RawUrl.IndexOf(kReturnUrl) + kReturnUrl.Length+1):
If you are not using the Microsoft AntiXss library, you can use the plain Asp.Net UrlEncode.


Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
newbie: help with Forms Authentication & querystring Derrick ASP .Net 6 11-28-2011 07:17 AM
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment) JEFF ASP .Net 1 11-12-2007 07:00 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Forms authentication duplicating ReturnURL AC ASP .Net 0 07-27-2004 02:10 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM