Vulnerability in EPiServer.Forms
I have the situation where we use two membership providers, and we want our two user bases (customer and epi users) to use different login pages. We achieve that by using a custom login proxy page that routes the user to the right login page based on the original page the user where trying to go to.
The customer part is easy since we want it to totally cusom, we want the epi part to be like the default epi login but I can't find out if there is an EPiLogin control or anything like that. I tried to forward all the epi users to the /Util/Login.aspx and works to some extent, the login part is fin but the users is not redirected to the page he or she where trying to access; that is, the user stays on /Util/Login.aspx if the url is not manually changed.
Is there a trick to get the /Util/Login.aspx to work as it should even though it is not the default login page? Or is there a way to use the login control outside of the /Util/Login.aspx page?
As I see it you could either add the return url in the query string like EPi does.
I.e. going to mysite/admin/edit will send me to mysite/Util/login.aspx?ReturnUrl=/admin/edit
or if you want your own page have a look at the login.aspx page in the public templates
There are noproblems in creating you own loginpage for episerver like the one they are using in world.episerver.com. EPServer is using standard .net profiles so have a look at the public templates as petter mentioned. Then just change the url in your web.config to be a page in your solution instead of util/login.aspx and you are good to go :)