Response redirect always redirect to default.aspx

Question

User1487175000 posted

Hi,

I am redirecting the user after login, to the specific page. Response redirect method always redirect to default.aspx. I have logs which shows the string i pass to response redirect method its shows the correct url.

Code for login button

 protected void userLogin_Click(object sender, System.Web.UI.ImageClickEventArgs e)
    {
        try
        {

            string url = Request.Url.ToString();
            string returnURL = "~/Default.aspx";
            
            log.Debug("Login URL: " + url);

            if (url.Contains("returnUrl"))
            {
                int startOFreturnURL=50; // for production server it should be 50 For test 52

                if (url.Contains("WWW"))
                    startOFreturnURL = 52; // for production server it should be 52 For test 54

                int totalLenght = url.Length;
                int numberOfCharacters = totalLenght - startOFreturnURL;
                returnURL = url.Substring(startOFreturnURL, numberOfCharacters);

                returnURL = returnURL.Replace("http://", string.Empty);
                
                log.Debug("Login URL after substring: " + returnURL);
            }

            DbHandler handler = new DbHandler();
            DataTable dt = new DataTable();
            dt = handler.dbQuery("dbquery");
            if (dt.Rows.Count > 0)
            {
                if (Convert.ToBoolean(dt.Rows[0]["userStatus"].ToString()))
                {
                    this.Session.Timeout = 360;
                    log.Debug("Redirect url after successful login: " + returnURL);
                    Response.Redirect(returnURL, false);
                }
                else
                {
                    lbmsg.Text = "Ditt konto är blockerat. Vänligen kontakta Nisar Awan.";
                    lbmsg.Visible = true;
                }
            }
            else
            {
                lbmsg.Text = "Felaktigt användarnamn eller lösenord.";
                lbmsg.Visible = true;
            }
        }
        catch (Exception exc)
        {
            log.Error("Exception in Login: " + exc.Message);
        }
    }

Logs

2016-08-01 11:18:30,731 [30] DEBUG Conference - Login URL: http://abce.com/Account/Login.aspx?returnUrl=http://abce.com/NewSchema.aspx?SDate=&Kontor=
2016-08-01 11:18:30,731 [30] DEBUG Conference - Login URL after substring: abce.com/NewSchema.aspx?SDate=&Kontor=
2016-08-01 11:18:30,731 [30] DEBUG Conference - loging successfully
2016-08-01 11:18:30,746 [30] DEBUG Conference - Redirect url after successful login: abce.com/NewSchema.aspx?SDate=&Kontor=

Answer 1

User702547207 posted

I notice you are removing the http://. Try without removing the http://. Also do you have any other redirect statement in place which redirects to default.aspx

Answer 2

User1487175000 posted

Yes i am removing http:// because i am getting following exception.

2016-08-01 08:07:56,903 [25] DEBUG Conference - ++++++++++++++++++++++++++++++++++++
2016-08-01 08:07:56,934 [25] ERROR Conference - Exception - 
System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:).
   at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
2016-08-01 08:07:56,934 [25] DEBUG Conference - ++++++++++++++++++++++++++++++++++++

Answer 3

User702547207 posted

can you try with ~/ like how you have added for default.aspx instead of http://

Answer 4

User1487175000 posted

same its direct to default page. that really strange.

2016-08-01 14:14:04,528 [12] DEBUG Conference - Login URL: http://www.abce.com/Account/Login.aspx?returnUrl=http://www.abce.com/Statistik.aspx
2016-08-01 14:14:04,528 [12] DEBUG Conference - Login URL after substring: Url=~/www.abce.com/Statistik.aspx
2016-08-01 14:14:04,528 [12] DEBUG Conference - loging successfully
2016-08-01 14:14:04,528 [12] DEBUG Conference - Redirect url after successful login: Url=~/www.abce.com/Statistik.aspx

Answer 5

User702547207 posted

remove the www.abce.com and try only ~/Statistik.aspx

Answer 6

User1487175000 posted

Hi,

Its solve i have substring problem as you see in logs after substring url look like this url=.... it should like abc.com/

here i update the code.

         if (url.Contains("returnUrl"))
            {
                int startOFreturnURL=50; // for production server it should be 50 For test 52

                if (url.Contains("WWW") | url.Contains("www"))
                    startOFreturnURL = 54; // for production server it should be 52 For test 54

                int totalLenght = url.Length;
                int numberOfCharacters = totalLenght - startOFreturnURL;
                returnURL = url.Substring(startOFreturnURL, numberOfCharacters);

                log.Debug("Login URL after substring: " + returnURL);

                returnURL = returnURL.Replace("http://abc.com", "~");
                returnURL = returnURL.Replace("http://www.abc.com", "~");
                
                log.Debug("Login URL after remove: " + returnURL);
            }

Answer 7

User702547207 posted

Cool...