Redirect user to original url after login in asp net core

Показать описание

How to redirect the user to the original requested URL after a successful login.

ReturnUrl in ASP.NET Core

Text version of the video

Healthy diet is very important for both body and mind. We want to inspire you to cook and eat healthy. If you like Aarvi Kitchen recipes, please support by sharing, subscribing and liking.

Slides

ASP.NET Core Text Articles & Slides

ASP.NET Core Tutorial

Angular, JavaScript, jQuery, Dot Net & SQL Playlists

What happens when we try to navigate to a URL, to which we do not have access

By default, ASP.NET Core redirects to the Login URL with ReturnUrl query string parameter. The URL that we were trying to access will be the value of the ReturnUrl query string parameter.

ReturnUrl Query String Example

In this example, ReturnUrl is set to ReturnUrl=/home/create. I was trying to Create a New Employee by navigating to /home/create without first signing in. Since I do not have access to /home/create until I login, ASP.NET core redirected to the login URL which is /Account/Login with the query string parameter ReturnUrl

The characters %2F are the encoded charactes for a forward slash (/). To decode these chracters in the URL, you may use the following website.

Redirect to ReturnUrl after Login

ASP.NET Core model binding automatically maps the value
from the URL query string parameter ReturnUrl
to the Login() action method parameter returnUrl
ASP.NET Core Redirect(returnUrl) method, redirects the user to the specified returnUrl

[HttpPost]
[AllowAnonymous]
public IActionResult Login(LoginViewModel model, string returnUrl)
{
if (ModelState.IsValid)
{
var result = signInManager.PasswordSignInAsync(model.Email,
model.Password, model.RememberMe, false);

if (result.Succeeded)
{
if (!string.IsNullOrEmpty(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("index", "home");
}
}

ModelState.AddModelError(string.Empty, "Invalid Login Attempt");
}

return View(model);
}

There is a serious flaw in the way we have used the ReturnUrl query string parameter. This opens a serious security hole with in our application which is commonly known as open redirect vulnerability.

Рекомендации по теме

Комментарии

Best 5⭐⭐⭐⭐⭐ Instructor in the world: Just a quick question to followers, is there anything wrong with binding returnUrl to model property?

<input type="hidden" asp-for="ReturnUrl"

admiremhlaba

Thank's so much big guy. I was losse on this new tech, but finaly found some one who know enough and kind to share.

foxlatinomx

Thanks for the info, you implementation is simple and elegant and efficient.

rayt

@kudvenkat - Why are we adding ReturnUrl in the POST method parameter? Should it not be a part of GET method parameter? When I am trying to access a protected page, it throws me back to GET method rather than POST. Another query is that is it necessary to name the controller as Account? I tried renaming the controller but Redirect is happening to Account/Login only.

amandixit

mvc core 2.2 redirects me to Identity/Account/Login instead of Account/Login. When I fix this problem, I lose returnurl!!! What is wrong?

kourosh

Sir, I don't know. After I log in it still accesses into my index action in home controller. And when I did try to debug it, it told me that the ReturnUrl is null. So could you tell me how to fix it? Is there any problems if the returnUrl is null or is it my logical error?

laomenghuo

Hi Venkat, could you kindly please respond to the question which I have posted in Part 70 - Implementing login functionality in asp.net core
???

ymtan

Could you do same video but with asp.net ?

youssefmohamed

I think in that condition you over complicated a little bit. I don't think It was necessary for "!" by testing if it is nullorempty.

nolimitsREAL

Hi Venkat,

Can we get Routedata in ReturnUrl?
beacuse when i am on the "/Home/Details/1" and if i log out then the url become

and it redirect me to Home page so how can we again redirect to "/Home/Details/1" after Login ?

Thanks.

bhavinpatel

I'm a little flabbergasted by the fact that the ReturnUrl made it to the POST method, although my testing show that clearly it does. When the login method gets called, that query string is passed to the login GET method, but I don't understand how the ReturnUrl makes it to the POST method after the submit button gets pressed.

eawig

Dear Pragim,

ReturnUrl in mycase is always empty even though it has url in the browser?

You must say " how to get returnUrl when we try go another controller" (if not unauthorized get this url and send login with returnUrl auto)

guldenizeryilmaz

Hi Venkat, I'm not getting the returnUrl value in the HttpPost request. Can you please tell me what I'm i missing. I have tried with other controller as well but im not getting the query string value in HTTP post method. Can you please clarify on it.

gangalambindumadhavi

Do tutorial for Facebook auth.
How to add facebook user to identity

meetit

how to add a username in URL after login It's possible...

rockingtamizha

Brother can I get video 2 hide css url link sources code other end client side?

NskSivu

if anyone seeing this error in the Edit page console: 'Synchronous XMLHttpRequest on the main thread is deprecated....', use this jquery code: inside the script section :- $.ajaxPrefilter(function (options, originalOptions, jqXHR) { options.async = true; });

anamuslimun

help
Hello
Please please I need your help it’s very urgent
I need to calculate our company employees net salary, I have two tables
First table: come from our finger print system have the employee clock in and clock out with columns ( employee id, date, time in and out)
Second table : have the requests send by every employee if his late or absent ( employee id, request type such as sick leave or excuse, and date)
The challenge is I want to join these two tables to make some calculations such as if he is absent will deduct two days from his salary if he didn’t send a sick leave.
I don’t know how to connect both of them, I try every thing I have learned such as merge or append queries I also try to model it in power bi but it doesn’t work at all time

nokindesign

Redirect user to original url after login in asp net core

Redirect user to original url after login in asp net core

Open Redirect Vulnerability Explained

How To Redirect a URL in WordPress

Using Joomla's URL Redirect Plugin

Redirect After Login with React Router v6

Open redirect vulnerability example

Redirect Http to Https with URL Parameter

How to Auto Redirect to Another Page Using Javascript & HTML

Login Redirect - Como alterar a URL de redirecionamento? #filament #laravel #jetbrains

What's the Difference Between a 301 and 302 Redirect?

.htaccess - Redirect all URLs with one exception

301 Redirect Using .HTAccess - Redirect A Website Page | WP Learning Lab

How do you make a redirect in PHP? Using only PHP to redirect user to another page

Is there an advantage to using rel='canonical' over a 301 redirect?

✅ Redirect Rewrite URL in ASP Core .Net5 in Startup.cs with Code

How to Redirect a URL | HostGator

How to Redirect IP Address to Domain (Apache and Nginx)

How to Create Shortened, Redirect URLs with Squarespace URL Mappings — Monarch Virtual Consulting, L...

Little Big - Uno - Russia 🇷🇺 - Official Music Video - Eurovision 2020

How to create a 301 redirect for apache

BugBounty Whitehat Hacker Facebook - Canvas/Web URL Filter Bypass & Open Redirect Vulnerability

KIDS UNITED - On Ecrit Sur Les Murs (Clip Officiel)

URL Mapping Request.RawUrl Property

How to Create a URL Redirect in HubSpot | HubSpot How To's with Neighbourhood