StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POWhat initially sets the ReturnUrl parameter when using AuthorizeAttribute
primarykey
Id
16305962
data
AcceptedAnswerId
0
AnswerCount
2
ClosedDate
CommentCount
6
CommunityOwnedDate
CreationDate
2013-04-30T17:48:07.603
FavoriteCount
4
LastActivityDate
2015-08-14T12:40:09.647
LastEditDate
2013-10-22T00:55:36.397
LastEditorUserId
5640
OwnerUserId
33112
ParentId
0
PostTypeId
1
Score
13
ViewCount
6335
LastEditorDisplayName
text
Body
In an ASP.NET MVC project, when you decorate a class or method with [Authorize] and authorization fails, the site automatically redirects to the login page (using the loginUrl specified in web.config). In addition, something in the ASP.NET MVC framework passes along the original request's URL as a ReturnUrl parameter. What is responsible for appending this ReturnUrl? I couldn't find any code for it in the project template. I also took a look at the code for AuthorizeAttribute in the ASP.NET stack <a href="https://aspnetwebstack.codeplex.com/">source code</a> but couldn't find anything there. I also tried searching the entire ASP.NET stack source code for "returnurl" but couldn't locate anything. The reason I ask is that I've discovered a bug in this process. You can see this with a brand new Internet ASP.NET MVC project. Set the FormsAuth timeout to 1 minute in the web.config and then sign in. Wait over a minute and try to sign out. This will redirect to the login page with a ReturnUrl of /account/logoff, which leads to a 404 after logging in. I've worked around this for now with my own AuthorizeAttribute: <pre><code>public class MyAuthorizeAttribute : AuthorizeAttribute { public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); if (filterContext.Result is HttpUnauthorizedResult) { string returnUrl = null; if (filterContext.HttpContext.Request.HttpMethod.Equals("GET", System.StringComparison.CurrentCultureIgnoreCase)) returnUrl = filterContext.HttpContext.Request.RawUrl; filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary() { { "client", filterContext.RouteData.Values[ "client" ] }, { "controller", "Account" }, { "action", "Login" }, { "ReturnUrl", returnUrl } }); } } } </code></pre> However, I would like to take a look at the source and see if I can figure out why this bug exists, if it is indeed a bug.
Tags
<asp.net-mvc>
Title
What initially sets the ReturnUrl parameter when using AuthorizeAttribute
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USGEOCHET
UserOwnerUserId
1. USNathanial Woolls
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POWhat initially sets the ReturnUrl parameter when using AuthorizeAttribute
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POWhat initially sets the ReturnUrl parameter when using AuthorizeAttribute
 UserUserId
 USMaris
 VoteTypeVoteTypeId
 VTFavorite
3. VO
 singulars
 PostPostId
 POWhat initially sets the ReturnUrl parameter when using AuthorizeAttribute
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.