Form Authentication Adds More Information With ReturnUrl

With forms authentication, when the application needs to be redirected to the login page, is there an event or any extension point that will allow me to do additional work on the request before redirecting to the login page?

I would like to send additional information in the query string, which may vary, so it will not work to statically insert it into the link in the loginUrl node in web.config.

Edit: For clarification, I want to intercept the request before being redirected to the login page.

Example:

    <authentication mode="Forms">
      <forms loginUrl="http://the/interwebs/login.aspx" timeout="2880" enableCrossAppRedirects="true" />
    </authentication>

And before the user is redirected to http://the/interwebs/login.aspx, I would like to be able to pack values into the request so that the URL could end with something like http://the/interwebs/login.aspx?Action=Refresh

+4
3 answers

I have done this before using an HTTP module. My example (stripped down) is in VB.NET. I just check for status code 401 and do my own forwarding. The big trick here was that I had to remove and add the web.config httpModules to make sure my httpmodule exited the url authorization module. In my case, I had some redrawing URLs for localization, and I needed to send the locale ID to the login page, because it was lost by the usual redirect in the URL authorization module. I used Reflector heavily to create a base path (not shown), as these are private methods.

    Public Sub Init(ByVal context As System.Web.HttpApplication) Implements System.Web.IHttpModule.Init
        AddHandler context.EndRequest, AddressOf Context_EndRequest
    End Sub

    Private Sub Context_EndRequest(ByVal sender As Object, ByVal e As EventArgs)
        If TypeOf sender Is HttpApplication Then
            Dim hApplication As HttpApplication = DirectCast(sender, HttpApplication)
            Dim hContext As HttpContext = hApplication.Context
            ' &H191 = 401 (Unauthorized)
            If (hContext.Response.StatusCode = &H191) Then
                ' basepath and someparam2 are built elsewhere (not shown)
                hContext.Response.Redirect(String.Format("{0}?ReturnUrl={1}&someparam2={2}", basepath, HttpUtility.UrlEncode(hContext.Request.RawUrl), someparam2))
            End If
        End If
    End Sub

web.config changes

    <httpModules>
      <clear/>
      <!-- custom -->
      <add name="SomeHttpModule" type="SomeCompany.SomeProduct.SomeHttpModule"/>
      <!-- add back defaults, exclude PassportAuthentication, AnonymousIdentification, Profile -->
      <add name="OutputCache" type="System.Web.Caching.OutputCacheModule"/>
      <add name="Session" type="System.Web.SessionState.SessionStateModule"/>
      <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule"/>
      <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>
      <add name="RoleManager" type="System.Web.Security.RoleManagerModule"/>
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule"/>
      <add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule"/>
    </httpModules>

+1

You can do this by handling the HttpApplication.AuthenticateRequest event

    private void Application_AuthenticateRequest(Object source, EventArgs e)
    {
        HttpApplication application = (HttpApplication)source;
        HttpContext context = application.Context;
        // Look up the forms authentication cookie on the incoming request
        string cookieName = FormsAuthentication.FormsCookieName;
        HttpCookie authCookie = context.Request.Cookies[cookieName];
        if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
        {
            //... do something
        }
    }

FYI. We are currently doing this using the IHttpModule implementation.

+6
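
An added example (not code from either answer above): a C# IHttpModule that catches the 401 in EndRequest, as the first answer describes, and builds the login redirect with one extra query-string value. The class name, the `LoginAction` key in `HttpContext.Items` and the `Action` parameter are assumptions for illustration; it reads the login page from the public `FormsAuthentication.LoginUrl` property.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Assumes this module is listed ahead of FormsAuthentication in <httpModules>,
// as in the web.config above, so the status code is still 401 when it runs.
public sealed class LoginRedirectModule : IHttpModule
{
    public void Init(HttpApplication application)
    {
        application.EndRequest += OnEndRequest;
    }

    public void Dispose() { }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        if (context.Response.StatusCode != 401)
            return;

        // loginUrl from the <forms> element; it may already carry a query string.
        string loginUrl = FormsAuthentication.LoginUrl;
        string separator = loginUrl.IndexOf('?') >= 0 ? "&" : "?";

        // RawUrl is the path and query the client asked for; encode it so its
        // own '&' and '=' cannot add or override parameters on the login URL.
        string target = loginUrl + separator
            + "ReturnUrl=" + HttpUtility.UrlEncode(context.Request.RawUrl);

        // Hypothetical per-request value stored earlier in the pipeline,
        // e.g. context.Items["LoginAction"] = "Refresh".
        string action = context.Items["LoginAction"] as string;
        if (!string.IsNullOrEmpty(action))
            target += "&Action=" + HttpUtility.UrlEncode(action);

        // endResponse: false avoids a ThreadAbortException; the request is
        // already at EndRequest. The status becomes 302, so the forms
        // authentication module no longer sees a 401 to redirect.
        context.Response.Redirect(target, false);
    }
}
```

The login page receives `ReturnUrl` and `Action` as ordinary query-string input, so it should validate both before acting on them.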

You do not need to use a form validation mechanism to redirect people to a URL. You can do it in code. Just sign them in and redirect them yourself using Response.Redirect.

-1
