I suggest you ...

Make "ReturnUrl" a configurable key name instead of having it hard coded in System.Web.Security.FormsAuthentication

Since "ReturnUrl" is a hard coded string in the FormsAuthentication module, which is sealed, I cannot easily have my application use a different string for this purpose. In my case I'd like to use a different string for technology obfuscation purposes (if a malicious user sees ReturnUrl then they know it's likely being served by ASP.NET which may help them more efficiently target their attack), but I could see others wanting to simply have a shorter querystring key, or perhaps one that fits into existing corporate naming standards, etc. Why not make this string ("ReturnUrl") configurable in web.config under system.web/authentication/forms? If there are difficulties there, then how about some sort of hook into FormsAuthentication to change this constant? Perhaps simply providing an overload of the RedirectToLoginPage() method that takes a parameter for this purpose would suffice.

18 votes
    Frank Thiemonge shared this idea

    Thanks for taking the time to share this suggestion. This item has been around for a couple of versions of Visual Studio and we haven’t acted on it. Looking at the VS “15” plans, we’re not going to take action on this item, so we’re going to close it. If the suggestion is still relevant, please either take a look to see if there’s another suggestion that’s similar that you can vote on, or open a new suggestion.

    - The Visual Studio Team

    1 comment
