A
Andrew Connell
I have an application where the authentication is based off another site (custom portal). The portal authenticates the user(s). Then, when they select an application, they are routed to the application's URL (different domain, different server). When they try to bypass the portal, I need to capture the URL they requested, route them to the portal (letting it authenticate them), and then send them back to the original requesting page.
My plan is:
My problem is that the GetRedirectUrl requires a username to get the URL requested... but I don't know the user until AFTER authentication. Seems like a flaw in the design of FormsAuthentication.
My plan is:
Request page from secure app URL (www.secureapp.com/foo.aspx).
If not authenticated, use FormsAuthentication to route to www.secureapp.com/portalAuth/outbound.aspx which would capture the original requested URL (stored in cookie/session).
The portal prompts for login and authenticates... sending them back to www.secureapp.com/portalAuth/inbound.aspx which pulls an encrypted QS value to assure they were authenticated and who they are. Sets some session variables, and sends them to the originally requested page.
My problem is that the GetRedirectUrl requires a username to get the URL requested... but I don't know the user until AFTER authentication. Seems like a flaw in the design of FormsAuthentication.