Forms Authentication issue with ReturnUrl

239 views
Skip to first unread message

paul....@communicatorcorp.com

unread,
May 16, 2007, 6:15:36 AM5/16/07
to PageMethods
We have a possible problem using PageMethods with forms
authentication.

On a page with a logout button (this is the built in LoginStatus
control in out instance) if you click that button you are logged out.
Ordinarily the framework will tag a ReturnUrl question string
paramater onto the Url so you can be redirected back to the page you
were on. Using this with PageMethods causes the ReturnUrl to have
duplicate PageMethod value and it's also not URL encoded to it fails
the PageMethods.Invoke after the user logs back in.

Does anyone know a solution to this problem?

Many thanks

Paul

Fabrice Marguerie

unread,
Jun 14, 2007, 2:53:15 PM6/14/07
to PageMethods
Hello Paul,

I haven't been able to reproduce your exact scenario, however I think
I see your problem.
What do you use for LogoutAction? Does your LoginStatus tag look like
this: <asp:LoginStatus ID="LoginStatus1" runat="server"
LogoutAction="Refresh" /> or something like this: <asp:LoginStatus
ID="LoginStatus1" runat="server" LogoutAction="Redirect"
LogoutPageUrl="~/" /> ?

In any case, ASP.NET's login controls use a ReturnUrl, but don't keep
the parameters in this URL. I see two solutions:
1) You can use default methods in your pages so they can be used
without the PageMethod parameter. See the technique in the FAQ (http://
metasapiens.com/PageMethods/faq/ -> "I have this page with page
methods, can I refer to it without any parameter on the URL? Is the
PageMethod parameter mandatory in URLs?")
2) Use LogoutAction="Redirect" and try to dynamically change the
LogoutPageUrl property of the LoginStatus control so it contains the
PageMethod parameter. This can be done as follows for example:
LoginStatus loginStatus =
(LoginStatus)LoginView1.FindControl("LoginStatus1");
if (loginStatus != null)
loginStatus.LogoutPageUrl = Request.RawUrl;
The same trick, may also be possible with the Login control. In this
latter case, you may look at the value of Request["ReturnUrl"] to
define the correct URL if possible.

Hope this helps,
Fabrice

Reply all
Reply to author
Forward
0 new messages