When an user clicks a link in my site that requires authentication, the browser is redirected to the login page. The login page includes a returnUrl querystring parameter. The problem is that if the user authenticates using OpenID, the providers redirects the user back to the login page and doesn't include the returnUrl parameter, which is pretty boring because I redirect the user to the home page instead of the page that was tried.
I'm using DotNetOpenID, is there a way to fix this?
It's really easy, Bruno. Just call
IAuthenticationRequest.AddCallbackArguments("returnUrl", Request.QueryString["returnUrl"]);
That will tell DotNetOpenId to preserve the returnUrl argument on the login page and get the behavior you want. I have to disagree with Franci regarding separating the URL that displays the login page from the one that processes the result. For ASP.NET MVC sites that may be appropriate, but for ASP.NET web forms that's really not the way to go, since in addition to displaying any error to the user you'll no doubt want to also display the login form again. Besides, as far as separation of logic, the DotNetOpenId library does all the heavy-lifting for you, so there's hardly any logic in your code-behind page anyway.