FormsAuthentication And Query String Parameteres

Today I ran into this strange"feature" of ASP.NET:

When redirecting to the login page, the query string parameters are encoded with the requested URL into the ReturnUrl query string parameter of the request to the login page, but are also in the query string of the request to the login page.

Here is an example:

When requesting:

http://localhost:5014/FormsAuthentication/default.aspx?test=true

we are redirected to:

http://localhost:5014/FormsAuthentication/login.aspx?ReturnUrl=%2fFormsAuthentication%2fdefault.aspx%3ftest%3dtrue&test=true

See the test parameter?

As far as I know, this is not documented or overridable.

One Response to FormsAuthentication And Query String Parameteres