Changing LoginUrl for FormsAuth breaks Util/login.aspx redirect?

Vote:
 

Hi!

I need to change the LoginUrl on the form-element in web.config for our implementation of login.

The reason for this is that we will be using a custom login-page and the login mechanics will be based on a header sent from a federation platform on a successful login.

Anyhow..

I have changed the LoginUrl to the following:





from the default:





And once the user tries to access a location that they are not authorized to they get correctly redirected to Login?RedirectUrl=xxxxx, so far all good..

However.. I would also like my administrators of the site to be able to sign in to EpiServer, so I figured that if I simply just hit Util/login.aspx directly by entering it into the address-bar I would end up at the EPiServer CMS login page, and that I do.. however if I sign in with correct credentials I dont get redirected to the actual backoffice, all that happens is that I stay on the login page.. and I dont get any errors and if after a successful login visit ~/EpiServer I end up in the backoffice.. so I assume the redirect that usually happens when you sign in somehow breaks due to the change of the LoginUrl? I have also tried by signing into Util/login.aspx?RedirectUrl=episerver, but its the same issue, no redirect after a successful login..

Any thoughts?

Thanks in advance!

#186721
Edited, Jan 03, 2018 11:51
Vote:
 

Try ?ReturnUrl instead of RedirectUrl. As a non-episerver expert, that does sound strange though because I would expect the login page to redirect you to the site's default page if a return url isn't provided.

#193365
May 29, 2018 14:22
Vote:
 

Hi Mattias,

I think your issue boils down to the how the asp.net Login control works. Basically it internally checks if you are on the login page and if yes then it will use the expected redirects otherwise if there is no value in the DestinationPageUrl property of the control it will redirect back to the same page that the request was (you can check in browser developer tools that after you login you get 302 redirect back to the same page?)

In your case you have defined that your login page url is "Login" but you try to login from "util/login.aspx" so you are not on the defined login page.

Because you are trying to do something like this I assume your editors can't use the same login page as site members?

One option would be that you add logic to your custom login page where you identify your editors (maybe something like that they come from internal network) and then redirect them to another custom login page that can redirect them to Episerver edit mode after succesful login.

If the above is not possible then you still should do a custom login page for editors and then they just have to know the login url - poor user experience but.. (it is the same with knowing the default util/login.aspx url).

Assuming you are already familiar with creating custom login page but just in case look at this post by Daniel: https://world.episerver.com/blogs/Daniel-Ovaska/Dates/2016/6/creating-a-custom-login-page/

#193394
Edited, May 29, 2018 21:02