If the link "Forget Password" contains a parameter called ReturnUrl the behaviour is understandable. The method Application_BeginRequest is called when a client request is initiated towards your application
before the Page_Init and Page_Load of your aspx page gets called. In your above method the url is taken apart into schema/host/path and querystring components. The if statement just checks if the querystring contains the string "ReturnUrl" and then redirects to the ~/login.aspx.
void Application_BeginRequest(object sender, EventArgs e)
{
string path = HttpContext.Current.Request.Url.PathAndQuery;
string pagequery = path.Substring(path.LastIndexOf("/") +1);
string[] pagequery_Elements = pagequery.Split('?');
string ReturnUrl = pagequery_Elements[0];
string QueryString = pagequery_Elements[1];
if (QueryString.Contains("ReturnUrl") && !ReturnUrl.ToUpper().Contains("RECOVERYASSWORD.ASPX"))
{
Response.Redirect("~/login.aspx", true);
}
}
Hope that clears it up for you.
Cheers!