The MVC route returns 401 only if the ReturnUrl parameter is in querystring

Question

The MVC route returns 401 only if the ReturnUrl parameter is in querystring

In the MVC application, we use the querystring parameter called ReturnUrl to track where the user came from and where they come back after the current page / view is completed. In addition, the same parameter is used when their session ends (for example), and they are sent to the login page with the parameter ReturnUrl , which now contains the page on which they were just.

Input redirects are handled correctly if the URL from which they are coming does not include the ReturnUrl parameter. But if so, then they show hard 401 from IIS.

Example 1:

User is at http://example.com/Account/Edit
The session is disconnected, then the user updates the updates.
The user is logged into the login page with the querystring ReturnUrl parameter ReturnUrl correctly. WELL

Example 2:

User is at http://example.com/Account/Edit?ReturnUrl=%2FSomething%2FElse%2F4
The session is disconnected, then the user updates the updates.
The user immediately displays the IIS 401 error page instead of sending to the login page. Bad

Note that the request is passed to the MVC handler:

WHY ME ?!

I am debugging as much as possible, but the problem arises within the framework of MVC itself. If I changed the ReturnUrl parameter to something else, ReturnUrl2 , for example, input redirection will be fine.

What is so special about ReturnUrl ?

0

asp.net asp.net-mvc asp.net-mvc-3 routing

Josh M. Apr 30 '15 at 16:39

source share

No one has answered this question yet.

See similar questions:

4

Does AuthorizeAttribute not work if the URL has a query string?

or similar:

472

How to make ASP.NET MVC string representation?