Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

forced ReturnUrl=

15 views
Skip to first unread message

Gadgetman

unread,
Jun 26, 2010, 6:46:31 PM6/26/10
to
I have being running a WEB Application on Win2003 Server and all was
working, with typical URLS of the following form:-
http://10.0.0.19/CRM/Users/Members.aspx

Then suddenly, I am getting URLs of the following form:-
http://10.0.0.19/CRM/Default.aspx?ReturnUrl=%2fCRM%2fUsers%2fMembers.aspx

My software now fails! Where is this ReturnUrl= coming from?

I suspect that another contractor, also deploying software to this
server, has enabled some option that has caused this to happen.

Can someone explain what is happening here?
How do I get rid of this ReturnUrl= feature?

Thanks, Stewart

Gadgetman

unread,
Jun 27, 2010, 7:45:14 AM6/27/10
to
On Jun 27, 12:46 am, Gadgetman <stewart.gad...@gmail.com> wrote:
> I have being running a WEB Application on Win2003 Server and all was
> working, with typical URLS of the following form:-http://10.0.0.19/CRM/Users/Members.aspx
>
> Then suddenly, I am getting URLs of the following form:-http://10.0.0.19/CRM/Default.aspx?ReturnUrl=%2fCRM%2fUsers%2fMembers....

>
> My software now fails! Where is this ReturnUrl= coming from?
>
> I suspect that another contractor, also deploying software to this
> server, has enabled some option that has caused this to happen.
>
> Can someone explain what is happening here?
> How do I get rid of this ReturnUrl= feature?
>
> Thanks, Stewart

Further, I have now found that when running this web app in VS2010
locally, if I leave the login to timeout, and select another page, I
get a URL:-
http://localhost:49293/Default.aspx?ReturnUrl=%2fUsers%2fMIBFA.aspx

So this ReturnURL is being injected by the MS <asp:LoginView engine?

But still not sure of a solution!

Gadgetman

unread,
Jun 28, 2010, 3:36:00 AM6/28/10
to
On Jun 27, 1:45 pm, Gadgetman <stewart.gad...@gmail.com> wrote:
> On Jun 27, 12:46 am, Gadgetman <stewart.gad...@gmail.com> wrote:
>
> > I have being running a WEB Application on Win2003 Server and all was
> > working, with typical URLS of the following form:-http://10.0.0.19/CRM/Users/Members.aspx
>
> > Then suddenly, I am getting URLs of the following form:-http://10.0.0.19/CRM/Default.aspx?ReturnUrl=%2fCRM%2fUsers%2fMembers....
>
> > My software now fails! Where is this ReturnUrl= coming from?
>
> > I suspect that another contractor, also deploying software to this
> > server, has enabled some option that has caused this to happen.
>
> > Can someone explain what is happening here?
> > How do I get rid of this ReturnUrl= feature?
>
> > Thanks, Stewart
>
> Further, I have now found that when running this web app in VS2010
> locally, if I leave the login to timeout, and select another page, I
> get a URL:-http://localhost:49293/Default.aspx?ReturnUrl=%2fUsers%2fMIBFA.aspx

>
> So this ReturnURL is being injected by the MS <asp:LoginView engine?
>
> But still not sure of a solution!

I should show my <asp:LoginView code and the web.config entries:-
<asp:LoginView ID="LoginView1" runat="server">
<LoggedInTemplate>
<br />
<br />
<div style="width:917px;"><h3>&nbsp;Welcome back
<asp:LoginName ID="LoginName1" runat="server" />.</h3>
&nbsp;Click on one of the buttons on the panel above<br /
><br />
&nbsp;You may <asp:HyperLink ID="HyperLink1"
runat="server" NavigateUrl="~/Users/ChangePassword.aspx">change your
password here.</asp:HyperLink><br />
</div>
</LoggedInTemplate>
<AnonymousTemplate>
<br />
<br /><center>
<asp:Login ID="lgnLogin" Runat="server"
UserNameLabelText="User ID:" BorderStyle="Solid"
BorderWidth="1px"
BorderColor="#CCCC99" BackColor="#F7F7DE"
Font-Names="Verdana" Font-Size="10pt"
PasswordRecoveryText="Forgot your password?"
PasswordRecoveryUrl="~/ForgotPassword.aspx">
<InstructionTextStyle Font-Size="0.8em"></
InstructionTextStyle>
<CheckBoxStyle Font-Size="0.8em"></CheckBoxStyle>
<LabelStyle Font-Size="0.8em"></LabelStyle>
<TitleTextStyle Font-Bold="True"
BackColor="#6B696B" ForeColor="#FFFFFF"></TitleTextStyle>
<HyperLinkStyle Font-Size="0.8em"></HyperLinkStyle>
<FailureTextStyle Font-Size="0.8em"
ForeColor="#FF0000"></FailureTextStyle>
</asp:Login>
</center>
</AnonymousTemplate>
</asp:LoginView>

WEB.CONFIG snapshot:-
<authentication mode="Forms">
<forms loginUrl="~/Default.aspx"/>
</authentication>

<membership>
<providers>
<remove name="AspNetSqlMembershipProvider"/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="SeifsaASPNETDB" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="true"
applicationName="/SeifsaCRM" requiresUniqueEmail="false"
passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>

<profile>
<providers>
<remove name="AspNetSqlProfileProvider"/>
<add name="AspNetSqlProfileProvider"
connectionStringName="SeifsaASPNETDB" applicationName="/SeifsaCRM"
type="System.Web.Profile.SqlProfileProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</profile>

<roleManager enabled="true">
<providers>
<remove name="AspNetSqlRoleProvider"/>
<add name="AspNetSqlRoleProvider"
connectionStringName="SeifsaASPNETDB" applicationName="/SeifsaCRM"
type="System.Web.Security.SqlRoleProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<remove name="AspNetWindowsTokenRoleProvider"/>
<add name="AspNetWindowsTokenRoleProvider" applicationName="/
SeifsaCRM" type="System.Web.Security.WindowsTokenRoleProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>


cubaman

unread,
Jun 28, 2010, 4:20:25 AM6/28/10
to

Hello:
If someone else settings are causing you trouble, try writing a
"clear" command at the begin of your providers and connection string
settings, like:
<membership>
<clear/>
<providers> ..............

<profile>
<clear/>
<providers> .................

Best regards

Gadgetman

unread,
Jun 28, 2010, 5:43:49 AM6/28/10
to
On Jun 28, 10:20 am, cubaman <oscar.acostamonte...@googlemail.com>
wrote:

OK I tried that,

<membership>
<clear/>


<providers>
<remove name="AspNetSqlMembershipProvider"/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="SeifsaASPNETDB" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="true"
applicationName="/SeifsaCRM" requiresUniqueEmail="false"
passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>

<profile>
<clear/>


<providers>
<remove name="AspNetSqlProfileProvider"/>
<add name="AspNetSqlProfileProvider"
connectionStringName="SeifsaASPNETDB" applicationName="/SeifsaCRM"
type="System.Web.Profile.SqlProfileProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</profile>

<roleManager enabled="true">
<clear/>


<providers>
<remove name="AspNetSqlRoleProvider"/>
<add name="AspNetSqlRoleProvider"
connectionStringName="SeifsaASPNETDB" applicationName="/SeifsaCRM"
type="System.Web.Security.SqlRoleProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<remove name="AspNetWindowsTokenRoleProvider"/>
<add name="AspNetWindowsTokenRoleProvider" applicationName="/
SeifsaCRM" type="System.Web.Security.WindowsTokenRoleProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>


But IIS not happy with it:-

Configuration Error
Description: An error occurred during the processing of a
configuration file required to service this request. Please review the
specific error details below and modify your configuration file
appropriately.

Parser Error Message: Unrecognized element 'clear'.

Source Error:

Line 102:
Line 103: <profile>
Line 104: <clear/>
Line 105: <providers>
Line 106: <remove name="AspNetSqlProfileProvider"/>


Source File: E:\Websites\SeifsaCRM-DV\web.config Line: 104

cubaman

unread,
Jun 29, 2010, 5:11:10 AM6/29/10
to

Sorry, I haven't tested the config by my self. The right way is:

<system.web>
<profile>
<providers>
<clear/>
<add name="profilename" type="mytype"/>
</providers>
</profile>
...............................

Best regards.

Note: What this command does is to clear inherited settings from
machine.conf, so if you are having problems with other functionality
enabled by your contractor this might correct those errors. Note that
you are clearing settings for profile providers, but you might have to
do the same on other entries in web.config

Gadgetman

unread,
Jun 29, 2010, 5:38:02 PM6/29/10
to
On Jun 29, 11:11 am, cubaman <oscar.acostamonte...@googlemail.com>


I have solved my problem!
I have 3 roles defined, Administrator, User & Credit Controller...
It turns out that the test user I was using only had
role=”Administrator” but did not have role=”user “...so although I had
signed in, when I selected a page specifically marked as accessible
from role User, it failed for my test user and generated a URL with
ReturnURL= in it!
I added role=User to my test user account – and ALL WORKED!
Now it all makes sense!

0 new messages