
ASP.NET MVC UnauthorizedResult adding unwanted parameters to login url

I have this problem in a production application where query string parameters are being added to the login redirect url. To reproduce this, create a new MVC project (I tested with both MVC2 and MVC3 R2). In the HomeController add the following action:

public ActionResult Break()
{
    return new HttpUnauthorizedResult();
}

Launch the application and hit /home/break?a=1&b=2. So this should naturally redirect to /Account/LogOn?ReturnUrl=/home/break%3fa%3d1%26b%3d2 but it actually adds the requested parameters (&a=1&b=2) to the end of the url as well:


Why is this happening? There's no need for those parameters to be added since the encoded url in ReturnUrl has the required parameters. I thought it would be something in the production application, but if the steps above are followed, a default MVC application will reproduce this as well. Any thoughts on how to solve this are appreciated.


This is done so that the LogOn action will have access to the original (unencoded) querystring values.

So given the URI

http://localhost:65183/Account/LogOn?ReturnUrl=/home/break%3fa%3d1%26b%3d2&a=1&b=2

The ReturnUrl key/value pair is the URI to redirect to after a successful login and it contains the encoded querystring pairs from the previous request.

To change this behaviour you'd need to override how the redirect is being built.

protected void Application_EndRequest(object sender, EventArgs e)
{
    if (Response.RedirectLocation != null && Response.RedirectLocation.Contains("ReturnUrl"))
    {
        // change redirect URI
    }
}
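
Added example (not part of the original answer and not ASP.NET's own code): one way to fill in the `// change redirect URI` placeholder so that only `ReturnUrl` survives on the login redirect. `KeepOnlyReturnUrl` is a hypothetical helper name, and the handler is assumed to live in the project's existing `Global.asax.cs` application class.

```csharp
using System;
using System.Web;

public class MvcApplication : HttpApplication
{
    // Hypothetical helper (not an ASP.NET API): drop every query parameter
    // except ReturnUrl from a login redirect such as the one on this page:
    //   /Account/LogOn?ReturnUrl=/home/break%3fa%3d1%26b%3d2&a=1&b=2
    public static string KeepOnlyReturnUrl(string location)
    {
        int q = location.IndexOf('?');
        if (q < 0 || q == location.Length - 1)
            return location; // no query string, nothing to strip

        // Any '&' inside the ReturnUrl value is encoded as %26, so a raw '&'
        // always separates top-level parameters. Working on the raw string
        // keeps the original encoding of the value untouched.
        foreach (string pair in location.Substring(q + 1).Split('&'))
        {
            // Keep the first ReturnUrl pair; in the URL above that is the
            // one built for the redirect, ahead of the copied parameters.
            if (pair.StartsWith("ReturnUrl=", StringComparison.OrdinalIgnoreCase))
                return location.Substring(0, q) + "?" + pair;
        }
        return location; // no ReturnUrl parameter: leave the redirect alone
    }

    protected void Application_EndRequest(object sender, EventArgs e)
    {
        string location = Response.RedirectLocation;
        if (location != null && location.Contains("ReturnUrl"))
        {
            Response.RedirectLocation = KeepOnlyReturnUrl(location);
        }
    }
}
```

The condition matches any redirect whose Location contains `ReturnUrl`, as in the answer's snippet; narrow it to the login path if other redirects in the application carry that parameter.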