I’ve seen many ASP.NET MVC samples and some of them do not honor the
ReturnUrl parameter, rendering this unusable.
Classic ASP.NET has the login form component that puts the same exact URL used to access the login page in the form action URL, preserving the
ReturnUrl parameter and then,
FormsAuthentication.GetReturnUrl() gets it from the
GetReturnUrl() method looks as well in
Request.Form in case there’s nothing in the query, this way, we can use a hidden field as well to store the
ReturnUrl in the View and pass it through POST when the login form is submitted.
So, in ASP.NET MVC we have two options:
- Use simply
Html.BeginForm()without parameters, which will put a simple form tag, with the same URL as the current one and use POST by default
- If we want to have more control on the
Html.BeginForm(), put a hidden field with the value of the
ReturnUrl, only if the ReturnUrl is not empty, or it will fail. This can be obtained from the
Request.QueryStringcollection, the ViewData if we put it previously on the Controller action or even better store it in the ViewModel and have a strong typed reference.
And that’s it. Then,
FormsAuthentication.GetReturnUrl() will get the proper URL and other methods like
FormsAuthentication.RedirectFromLoginPage() will also work seamlessly.