FormsAuthentication.GetRedirectUrl Method (String, Boolean)
Returns the redirect URL for the original request that caused the redirect to the login page.
Assembly: System.Web (in System.Web.dll)
Public Shared Function GetRedirectUrl ( userName As String, createPersistentCookie As Boolean ) As String
Parameters
- userName
-
Type:
System.String
The name of the authenticated user.
- createPersistentCookie
-
Type:
System.Boolean
This parameter is ignored.
You can use this method when you want to perform the redirect in your application code instead of using the RedirectFromLoginPage method.
The GetRedirectUrl method returns the URL specified in the query string using the ReturnURL variable name. For example, in the URL http://www.contoso.com/login.aspx?ReturnUrl=caller.aspx, the GetRedirectUrl method returns the return URL caller.aspx. If the ReturnURL variable does not exist, the GetRedirectUrl method returns the URL in the DefaultUrl property.
ASP.NET automatically adds the return URL when the browser is redirected to the login page.
By default, the ReturnUrl variable must refer to a page within the current application. If ReturnUrl refers to a page in a different application or on a different server, the GetRedirectUrl methods returns the URL in the DefaultUrl property. If you want to allow the return URL to refer to a page outside the current application, you must set the EnableCrossAppRedirects property to true using the enableCrossAppRedirects attribute of the configuration element.
Security Note
|
|---|
Setting the EnableCrossAppRedirects property to true to allow cross-application redirects is a potential security threat. For more information, see the EnableCrossAppRedirects property. |
The following code example redirects authenticated users to the URL returned from the GetRedirectUrl method.
Security Note
|
|---|
This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview. |
<%@ Page Language="VB" %> <%@ Import Namespace="System.Web.Security" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> Private Sub Login_Click(sender As Object, e As EventArgs) ' Create a custom FormsAuthenticationTicket containing ' application specific data for the user. Dim username As String = UserNameTextBox.Text Dim password As String = UserPassTextBox.Text Dim isPersistent As Boolean = False If Membership.ValidateUser(username, password) Then Dim userData As String = "ApplicationSpecific data for this user." Dim ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _ username, _ DateTime.Now, _ DateTime.Now.AddMinutes(30), _ isPersistent, _ userData, _ FormsAuthentication.FormsCookiePath) ' Encrypt the ticket. Dim encTicket As String = FormsAuthentication.Encrypt(ticket) ' Create the cookie. Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, encTicket)) ' Redirect back to original URL. Response.Redirect(FormsAuthentication.GetRedirectUrl(username, isPersistent)) Else Msg.Text = "Login failed. Please check your user name and password and try again." End If End Sub </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>Forms Authentication Login</title> </head> <body> <form id="form1" runat="server"> <span style="BACKGROUND:#80ff80; font-weight:bold"> Login Page </span> <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br /> <table border="0"> <tbody> <tr> <td>Username:</td> <td><asp:TextBox id="UserNameTextBox" runat="server" /></td> <td> <asp:RequiredFieldValidator id="RequiredFieldValidator1" runat="server" ErrorMessage="*" Display="Static" ControlToValidate="UserNameTextBox" /> </td> </tr> <tr> <td>Password:</td> <td><asp:TextBox id="UserPassTextBox" TextMode="Password" runat="server" /></td> <td> <asp:RequiredFieldValidator id="RequiredFieldValidator2" runat="server" ErrorMessage="*" Display="Static" ControlToValidate="UserPassTextBox" /> </td> </tr> </tbody> </table> <input type="submit" value="Login" runat="server" onserverclick="Login_Click" /> </form> </body> </html>
Available since 1.1
.jpeg?cs-save-lang=1&cs-lang=vb)