search

OrchardCMS / Orchard

Orchard is a free, open source, community-focused Content Management System built on the ASP.NET MVC platform.
https://orchardproject.net
BSD 3-Clause "New" or "Revised" License
2.38k stars 1.12k forks source link

returnUrl and ReturnUrl are treated differently when returning HttpUnauthorizedResult #3594

Open orchardbot opened 11 years ago

orchardbot commented 11 years ago

@jetski5822 created: https://orchard.codeplex.com/workitem/19765

a simple test.

try this locally logged off...

/admin?returnUrl=%2F = result - a Access denied page

/admin?ReturnUrl=%2F = result a 401 with no access denied page.

orchardbot commented 11 years ago

@jetski5822 commented:

Hmmm might actually be more of an issue with FormsAuthentication http://blogs.msdn.com/b/vijaysk/archive/2008/01/24/anatomy-of-forms-authentication-return-url.aspx