Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

FormsAuthentication.RedirectFromLoginPage Method (String, Boolean, String)

Redirects an authenticated user back to the originally requested URL or the default URL using the specified cookie path for the forms-authentication cookie.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)
public static void RedirectFromLoginPage(
	string userName,
	bool createPersistentCookie,
	string strCookiePath
)

Parameters

userName
Type: System.String

The authenticated user name.

createPersistentCookie
Type: System.Boolean

true to create a durable cookie (one that is saved across browser sessions); otherwise, false.

strCookiePath
Type: System.String

The cookie path for the forms-authentication ticket.

ExceptionCondition
HttpException

The return URL specified in the query string contains a protocol other than HTTP: or HTTPS:.

The RedirectFromLoginPage method redirects to the return URL specified in the query string using the ReturnURL variable name. For example, in the URL http://www.contoso.com/login.aspx?ReturnUrl=caller.aspx, the RedirectFromLoginPage method redirects tothe return URL caller.aspx. If the ReturnURL variable does not exist, the RedirectFromLoginPage method redirects to the URL in the DefaultUrl property.

ASP.NET automatically adds the return URL when the browser is redirected to the login page.

By default, the ReturnUrl variable must refer to a page within the current application. If ReturnUrl refers to a page in a different application or on a different server, the RedirectFromLoginPage method redirects to the URL in the DefaultUrl property. If you want to allow redirects to a page outside the current application, you must set the EnableCrossAppRedirects property to true using the enableCrossAppRedirects attribute of the forms configuration element.

Security noteSecurity Note

Setting the EnableCrossAppRedirects property to true to allow cross-application redirects is a potential security threat. For more information, see the EnableCrossAppRedirects property.

If the CookiesSupported property is true, and either the ReturnUrl variable is within the current application or the EnableCrossAppRedirects property is true, then the RedirectFromLoginPage method issues an authentication ticket and places it in the cookie specified by the strCookiePath parameter using the SetAuthCookie method.

If CookiesSupported is false and the redirect path is to a URL in the current application, the ticket is issued as part of the redirect URL. If CookiesSupported is false, EnableCrossAppRedirects is true, and the redirect URL does not refer to a page within the current application, the RedirectFromLoginPage method issues an authentication ticket and places it in the QueryString property.

.NET Framework

Supported in: 4.5.1, 4.5, 4, 3.5, 3.0, 2.0, 1.1, 1.0

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.