Make "ReturnUrl" a configurable key name instead of having it hard coded in System.Web.Security.FormsAuthentication
Since "ReturnUrl" is a hard coded string in the FormsAuthentication module, which is sealed, I cannot easily have my application use a different string for this purpose. In my case I'd like to use a different string for technology obfuscation purposes (if a malicious user sees ReturnUrl then they know it's likely being served by ASP.NET which may help them more efficiently target their attack), but I could see others wanting to simply have a shorter querystring key, or perhaps one that fits into existing corporate naming standards, etc. Why not make this string ("ReturnUrl") configurable in web.config under system.web/authentication/forms? If there are difficulties there, then how about some sort of hook into FormsAuthentication to change this constant? Perhaps simply providing an overload of the RedirectToLoginPage() method that takes a parameter for this purpose would suffice.
Thanks for taking the time to share this suggestion. This item has been around for a couple of versions of Visual Studio and we haven’t acted on it. Looking at the VS “15” plans, we’re not going to take action on this item, so we’re going to close it. If the suggestion is still relevant, please either take a look to see if there’s another suggestion that’s similar that you can vote on, or open a new suggestion.
- The Visual Studio Team
I VOTE FOR THIS FEATURE! YES!!!