I have created a custom /AccessDenied page for unauthorized users with a returnUrl link.
If a user currently present at /ProductList page and want to access /EditProduct page then I am redirecting an unauthorized user to /AccessDenied page with returnUrl, but in returnUrl, I am getting /EditProduct page URL while I want /ProductList page URL.
Because when the user clicks the Link of returnUrl at /AccessDenied page, it redirected to /EditProduct page and then to /AccessDenied page but it should redirect to /ProductList page. How this problem can be resolved?
I mentioned the path of /AccessDenied page in a startup.cs class.
It is correct to get the /EditProduct page because that is the page you wanted to to access before being intercepted. what do you mean by "user click the Link of returnUrl at /AccessDenied page". The person is expected to login not to just click on some link. Put a login form in the /AccessDenied page (if appropriate) or instead redirect to the /login page so the user can login and then be authenticated, else AllowAnonymous on the /EditProduct page (if appropriate) so it can be accessed unauthenticated.