System.Web.Security.FormsAuthentication.RedirectFromLoginPage Method

Redirects an authenticated user back to the originally requested URL or the default URL using the specified cookie path for the forms-authentication cookie.

Syntax

public static void RedirectFromLoginPage (string userName, bool createPersistentCookie, string strCookiePath)

Parameters

userName
The authenticated user name.
createPersistentCookie
true to create a durable cookie (one that is saved across browser sessions); otherwise, false.
strCookiePath
The cookie path for the forms-authentication ticket.

Remarks

The FormsAuthentication.RedirectFromLoginPage(string, bool, string) method redirects to the return URL specified in the query string using the ReturnURL variable name. For example, in the URL http://www.contoso.com/login.aspx?ReturnUrl=caller.aspx, the FormsAuthentication.RedirectFromLoginPage(string, bool, string) method redirects to the return URL caller.aspx. If the ReturnURL variable does not exist, the FormsAuthentication.RedirectFromLoginPage(string, bool, string) method redirects to the URL in the FormsAuthentication.DefaultUrl property.

ASP.NET automatically adds the return URL when the browser is redirected to the login page.

By default, the ReturnUrl variable must refer to a page within the current application. If ReturnUrl refers to a page in a different application or on a different server, the FormsAuthentication.RedirectFromLoginPage(string, bool, string) method redirects to the URL in the FormsAuthentication.DefaultUrl property. If you want to allow redirects to a page outside the current application, you must set the FormsAuthentication.EnableCrossAppRedirects property to true using the enableCrossAppRedirects attribute of the forms configuration element.

Note:

Setting the FormsAuthentication.EnableCrossAppRedirects property to true to allow cross-application redirects is a potential security threat. For more information, see the FormsAuthentication.EnableCrossAppRedirects property.

If the FormsAuthentication.CookiesSupported property is true, and either the ReturnUrl variable is within the current application or the FormsAuthentication.EnableCrossAppRedirects property is true, then the FormsAuthentication.RedirectFromLoginPage(string, bool, string) method issues an authentication ticket and places it in the cookie specified by the strCookiePath parameter using the erload:System.Web.Security.FormsAuthentication.SetAuthCookie method.

If FormsAuthentication.CookiesSupported is false and the redirect path is to a URL in the current application, the ticket is issued as part of the redirect URL. If FormsAuthentication.CookiesSupported is false, FormsAuthentication.EnableCrossAppRedirects is true, and the redirect URL does not refer to a page within the current application, the FormsAuthentication.RedirectFromLoginPage(string, bool, string) method issues an authentication ticket and places it in the System.Web.HttpRequest.QueryString property.

Requirements

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 1.0.5000.0, 2.0.0.0