I suggest you ...

Make "ReturnUrl" a configurable key name instead of having it hard coded in System.Web.Security.FormsAuthentication

Since "ReturnUrl" is a hard coded string in the FormsAuthentication module, which is sealed, I cannot easily have my application use a different string for this purpose. In my case I'd like to use a different string for technology obfuscation purposes (if a malicious user sees ReturnUrl then they know it's likely being served by ASP.NET which may help them more efficiently target their attack), but I could see others wanting to simply have a shorter querystring key, or perhaps one that fits into existing corporate naming standards, etc. Why not make this string ("ReturnUrl") configurable in web.config under system.web/authentication/forms? If there are difficulties there, then how about some sort of hook into FormsAuthentication to change this constant? Perhaps simply providing an overload of the RedirectToLoginPage() method that takes a parameter for this purpose would suffice.

15 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Frank ThiemongeFrank Thiemonge shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base