How can I change the name of the “ReturnUrl” param

2020-03-02 01:51发布

问题:

ReturnUrl is kind of ugly. I'd like to use redirect instead. How can I specify the name of the parameter that should be used for forms authentication redirect URLs in conjunction with the [Authorize] attribute? Or do I have to create an IAuthorizationFilter implementation? :(

Example:

[Authorize]
public class Tools : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}

When a user who is not logged in visits http://example.com/tools, I'd like them to be redirected to http://example.com/account/logon?redirect=%2ftools, instead of the default http://example.com/Account/LogOn?ReturnUrl=%2ftools

For the /account/logon part, I can modify my routes in Global.asax and change

<authentication mode="Forms">
  <forms loginUrl="~/account/logon" timeout="2880" />
</authentication>

in web.config. But I don't know how to change the ReturnUrl parameter.

回答1:

Add this key to the appSettings section of your web.config

<add key="aspnet:FormsAuthReturnUrlVar" value="redirect" />


回答2:

The question and answers here seems to relate to the old form authentications stuff. On newer versions of MVC, e.g. MVC 5 (with Identity 2.0), you would do something like this in the Startup.Auth.cs:

app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/account/login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            },
            ReturnUrlParameter = "redirect"
        });

The important part is of course ReturnUrlParameter = "redirect" (can be anything). The rest might be different for your project.



回答3:

Not the BEST solution around, but it works...

<rule name="FormsAuthentication" stopProcessing="true">
  <match url="^account/log(i|o)n$" />
  <conditions>
    <add input="{QUERY_STRING}" pattern="^ReturnUrl=([^=&amp;]+)$" />
  </conditions>
  <action type="Redirect" url="account/logon?redirect={C:1}" appendQueryString="false" />
</rule>


回答4:

The problem here is that a redirect is not a post. It's a get. The only way to pass a variable on get is to use a query string parameter of some type. You can disguise this url rewrite but it's still a query parameter, and passed on the URL.

Perhaps you could be a little more clear about what you're looking for?



回答5:

There is no way to change the name of the parameter using configuration because the "ReturnUrl" parameter name is hard-coded in the System.Web.Security.FormsAuthentication class, which is the class that is used for forms authentication, including redirects.

One way to achieve the desired result is to extend the Authorize attribute such that it redirects to the login page with your customized parameter name. Then depending on which additional methods from FormsAuthentication you use, you can modify those as well, in particular FormsAuthentication.RedirectFromLoginPage.



回答6:

The parameter name can't be changed, which is annoying. I solved this by writing my own authentication module - you need to know how authentication works inside, but it's not hard - just look how it's done in reflector (and possibly simplify it, I ended up using only cookie encrypting/decrypting from FormsAuthentication).



回答7:

Just add in your web.config in the appSettings section following key-value pair:

<add key="aspnet:FormsAuthReturnUrlVar" value="your-custom-parameter-name"/>