Error during FormsAuthentication.RedirectFromLoginPage

Question

Greetings,

I created a custom security extenstion that worked great - except every call to

FormsAuthentication.RedirectFromLoginPage would result in a

"The return URL specified for request redirection is invalid." error type message.

I reverted back to windows security with no problem. Then used the Microsoft Forms Security example thinking maybee I had improperly implemented the interface.

When the forms security example provided by microsoft was configured I still get

"The return URL specified for request redirection is invalid." error type message.

Here is the actual query string when loging into the reportserver using the custom security extension:

http://<MACHINE_NAME>/ReportServer/logon.aspx?ReturnUrl=%2fReportServer%2fPages%2fReportViewer.aspx%3f%252fMathReports%252fClass%2bProgress%2bChart%26ClassID%3d1514%26rs%3aCommand%3dRender&%2fMathReports%2fClass+Progress+Chart&ClassID=1514&rs:Command=Render

I have replaced the ip with <machine_name>. I have been working on this problem for 2 days with no solution. Help would be nice.

Thanks,

Ross B.

 

 

 

Answer 1

I noticed if I manually changed the ReturnURL in the address bar from

http://<MACHINE_NAME>/ReportServer/logon.aspx?ReturnUrl=%2fReportServer%2fPages%2fReportViewer.aspx%3f%252fMathReports%252fClass%2bProgress%2bChart%26ClassID%3d1514%26rs%3aCommand%3dRender&%2fMathReports%2fClass+Progress+Chart&ClassID=1514&rs:Command=Render

to

http://<MACHINE_NAME>/ReportServer/logon.aspx?ReturnUrl=%2fReportServer%2fPages%2fReportViewer.aspx%3f%2fMathReports%2fClass+Progress+Chart&ClassID=1514&rs:Command=Render

It almost looks like the redirect is duplicated in the query string - anyone know why this is?

Answer 2

If I change functionality from

FormsAuthentication.RedirectFromLoginPage(TxtUser.Text, false);

To:

aUrl=Request.QueryString["ReturnUrl"];

FormsAuthentication.SetAuthCookie(TxtUser.Text,false);

Response.Redirect(aURL);

This works...however I am still puzzled as to what is causing the recommended way to fail in my setup.

Ross B.

 

Answer 3

Hi,

 

I am facing a similar problem. However, I tried your solution but it did not work.

In my case the http://<Site Name>/_layouts/login.aspx?ReturnUrl=%2flists%2ffeedback%2fnewform.aspx%3fsource%3d%2fpages%2fconfirmation.aspx%3fsource%3dhttp%3a%2f%2f<Site Name&source=/pages/confirmation.aspx?source=http://<Site Name>

 

When I replace the return url from realtive to absolute link it starts working. Can you please suggest me where should i change to get this working?

 

Thanks in advance,

Answer 4

Thank you Ross B.

 

Answer 5

The problem with your query strinng is the it contains the colon ":" somewhere in it.  That character (amongs other ones) will cause the error you got.  I ran into the same problem and this is how it was solved.

 

Code Snippet

try

{

   FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, false);

}

catch (Exception ex)

{

   string strURL = (null != Request.QueryString["ReturnURL"] && Request.QueryString["ReturnURL"] != "") ?  Request.QueryString["ReturnURL"] : "Default.aspx";

   FormsAuthentication.SetAuthCookie(txtEmail.Text, false);

   Response.Redirect(strURL);

}

 

 

 

 

HTH

 

 

Answer 6

thanks lopez this fixed