How does redirect to returnUrl work in Asp.Net MVC5

Question

I\'ve started a new MVC 5 site, using the new Asp.Net Identity with Owin. In my \"account\" controller which has the attribute [Authorize], I have fairly standard actions;

Answer 1

To answer your first question on how the redirect Url is setup, it configured in Startup.Auth.cs which is called from Startup.cs and is marked with an attribute which is probably looked for by the OWIN framework on app startup and both files partial extend a Startup class.

In Startup.Auth.cs there's a class to configure authentication options and usually has the following code

public partial class Startup
{
    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
    public void ConfigureAuth(IAppBuilder app)
    {
        // Enable the application to use a cookie to store information for the signed in user
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            CookieSecure = CookieSecureOption.Always
        });
        // Use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // ....
        // I deleted code which is commented out if you selected "Individual accounts" 
        // if you created the site project using the VS 2013 wizard
        // ...
    }
}

I added the CookieSecure option to ensure cookies were signed and that is recommended as a good security practice, other than that its boiler plate code.

More documentation on CookieAuthenticationOptions if you want it.