I am getting the error "The return URL specified for request redirection is invalid" when using forms authentication. I found this thread that says this is a known issue with return URLs that contain colons (mine indeed contains a few).
The workaround in that thread is to catch the error and use a default return URL ... hardly an acceptable solution. I can try to avoid colons in URLS, but that's a bit of a pain.
Is there another alternative?
The colon is a reserved character, per the URI RFC. You can't put an unencoded : in the query or hash of a URI, period.
So you need to %-encode the colon.