System.Web.Security.FormsAuthentication.EnableCrossAppRedirects Property

Gets a value indicating whether authenticated users can be redirected to URLs in other Web applications.

Syntax

public static bool EnableCrossAppRedirects { get; }

Value

true if authenticated users can be redirected to URLs in other Web applications; otherwise, false.

Remarks

The FormsAuthentication.EnableCrossAppRedirects property value is set using the enableCrossAppRedirects attribute of the forms configuration element.

The FormsAuthentication.EnableCrossAppRedirects property is checked within the FormsAuthentication.RedirectFromLoginPage method when the redirect URL does not point to a page in the current application. If FormsAuthentication.EnableCrossAppRedirects is true, then the redirect is performed; if FormsAuthentication.EnableCrossAppRedirects is false, the browser is redirected to the page defined in the FormsAuthentication.DefaultUrl property.

Note:

When you redirect pages across applications, you must make sure that specific attributes in the forms configuration element are duplicated across the authenticated applications. For more information and an example, see Forms Authentication Across Applications.

Note:

When cross-application redirects are allowed, your site is vulnerable to an exploit that directs users to a malicious Web site but uses the login page for your site. Always verify that the redirect URL that is returned by the FormsAuthentication.GetRedirectUrl(string, bool) method is a URL that you expect so that you can make sure that you allow redirects only to approved Web sites. You must also verify that the redirect URL uses the appropriate protocol (HTTP or HTTPS). To perform these verifications, you can add a postback event handler to your login page, or you can add a handler for the System.Web.UI.WebControls.Login.LoggedIn event of the System.Web.UI.WebControls.Login control.
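The verification described in the note above, written as a LoggedIn handler. This is an added example, not part of the original documentation. The ApprovedHosts list, the IsApprovedRedirect helper, the LoginControl ID and the HTTPS-only requirement are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;
using System.Web.UI;

// Added example: not part of the original documentation.
public partial class LoginPage : Page
{
    // Assumption: hosts of the applications that share forms authentication,
    // including this application's own host. Placeholder names.
    private static readonly HashSet<string> ApprovedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "app1.example.com", "app2.example.com" };

    // Hypothetical helper: true only for an HTTPS URL on an approved host.
    internal static bool IsApprovedRedirect(string redirectUrl, Uri requestUrl)
    {
        // Browsers treat '\' like '/', so "/\host" can leave the site; reject it.
        if (string.IsNullOrEmpty(redirectUrl) || redirectUrl.IndexOf('\\') >= 0)
            return false;

        // Resolve relative values (including "//host/path") against the
        // current request so the scheme and host checks see the real target.
        Uri target;
        if (!Uri.TryCreate(requestUrl, redirectUrl, out target))
            return false;

        return target.Scheme == Uri.UriSchemeHttps
            && ApprovedHosts.Contains(target.Host);
    }

    // Wire up with OnLoggedIn="LoginControl_LoggedIn" on the Login control
    // (assumed to be declared in the page markup with ID "LoginControl").
    protected void LoginControl_LoggedIn(object sender, EventArgs e)
    {
        string url = FormsAuthentication.GetRedirectUrl(
            LoginControl.UserName, LoginControl.RememberMeSet);

        // Anything not explicitly approved falls back to the default page.
        if (!IsApprovedRedirect(url, Request.Url))
            url = FormsAuthentication.DefaultUrl;

        // Ends the request, so the control's own redirect does not run.
        Response.Redirect(url, true);
    }
}
```

The host comparison is an exact match against the list, so a lookalike such as app1.example.com.attacker.test is not approved.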

Requirements

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0