My iis folder structure is like
Default Web Site---->online and Accessing with www.sitename.com/online
Default Web Site---->trade and Accessing with www.sitename.com/trade
Default Web Site---->private and Accessing with www.sitename.com/private
Here the login page is residing inside "Default Web Site---->trade/Login.aspx".When user enter
www.sitename.com/online or www.sitename.com/private or www.sitename.com/trade he/she will be redirecting to the url www.sitename.com/trade/Login.aspx.
So my need is when user enter "www.sitename.com/online" he/she should remain in the same URL as www.sitename.com/online and not "www.sitename.com/trade/Login.aspx".So how can i maintain the URL that user entered.
Thanks,
Joby
Best way to do this is pass a parameter w/ original url in your redirect to login page, and then have login redirect you back to that original url
Location: http://example.com/login?ref=http%3A%2F%2Fexample.com%2Ffoo
Then after login, you read "ref" parameter and do a location redirect back.
If you are using built-in membership provider, then you may use [Authorize] attribute, that has an functionality to redirect the user to original page, after user gets authenticated system will automatically redirect the user to requested page.
Or you may try following solution:
Something like this:
www.sitename.com/trade/Login.aspx?ReturnUrl=http%3A%2F%2Fsitemap.com%2Fonline
After user gets authenticated, you may redirect the user to requested page.
Response.Redirect(Request.QueryString["ReturnUrl"]);
Consider using MVC or at least routing portion of it with ASPX pages to render views. This way you can have any Urls you want unrelated to physical file names.
Users rarely enter any urls... and I'm not really sure anyone cares as long as Url makes some sence (or complete noncense). So I think it is perfectly ok to render login page at something like /login and than redirect back to originating page. You can save original url in query string (as #chovy suggests) or hidden element on the page if login never leaves your site. If login leaves your site (i.e. for OAuth authentication) thatn session state or cookies may be place to store return Url.
Related
Im developing an asp.net application and trying to get authorization to work. When I first start my website I want to see login page and then depending what's the name of the user, I want to bring them to appropriate page eg when login succeed as doctor -- redirect to Doctor.aspx, when login authorization succeeded as secretary -- go to secretary page. I tried doing it with web administration using "Manage access rules" but once login passes it just redirects me default.aspx (which doesn't exist). How do I redirect it depending on who's the user ? This is the structure of my directory
You can create like this
string redirecturl;
if(ds.Tables[0].Rows[0]["UserRole"].ToString()=="Secretary")
redirecturl="Secretery/index.aspx";
if(ds.Tables[0].Rows[0]["UserRole"].ToString()=="Doctor")
redirecturl="Doctor/index.aspx";
That's one way. Also this article might be helpful for you.
I'm working in a WEB project based on ASP.NET and C#. It's not a new project, I'm just fixing some bugs and making some updates.
The website works like, if you're not logged in and write a url depending on the website, it redirects you to the login page. Then, if you login successfully, it redirects you to the opening page.
For instance, let's say "opening.aspx" is the opening page and "vendors.aspx" is another page in the website. If you write "..../projectname/vendors.aspx" to the browser, you're redirected to "..../projectname/login.aspx", then after your login you're redirected to "..../projectname/opening.aspx"
Now, my aim is to redirect the user to the url he wrote, in this example "..../projectname/vendors.aspx" after the successful login. I wrote the code to take the previous page and after the login redirect the user to that page. However, I cannot detect the page which the user tried to enter at the first time. I'm not sure if the project sends the user to the login page with some codes written by the previous programmers or if this is an automatic stuff of asp.net about the default page. While debugging, I always see the requested page as the login page even though I write some other page url to the browser.
What I'm looking for is the place where the requested page is changed into login page instead of the url I wrote. Is this an automatic stuff or should I look for it in the code? If I should look for it in the code, where to look?
Note: The project is based on 3-Tier architecture, with WEB, BUS, DAL and COM layers and WEB pages use user controls in every page instead of login and default.
Typically when asp.net redirects it puts the requested page in the url in the ReturnUrl querystring parameter. You should be able to do something like...
if (Request.QueryString["ReturnUrl"] != null)
Response.Redirect(Request.QueryString["ReturnUrl"]);
If you need to do something special, you could store the original page that is in ReturnUrl in something like session or in the database and then redirect after your opening page or what not.
i think u should use cookies and seesion when user logged in user detail saved in cookies
and next time when user enter the url u can check it on masterpage of that pages that cookies are available or not if details available then shoe current url page otherwise redirect on login page
Some of my pages are restricted only to loggedIn users. When the one tries to enter that page I redirect him to the login page. Then after successful login I would like to redirect him to the previously desired page.
Where can I keep that url ?
I cant use session mechanism
Thank You very much for help
You can put it in the QueryString like Asp.Net Membership does.
http://www.example.com/Login?returnUrl=/home/
Put it in the querystring e.g.
http://www.mysite.com/login.aspx?RedirectUrl=SomeRestrictedPage.aspx
I would argue that the "best" way is to not remember that URL at all, but instead to pass it as a query string value to the login page. It's a more stateless approach.
When you redirect the user to the login page, you can URL encode the path to the redirecting page and add it to the query string in the redirect. Then, in your login page, check for that value. If the value exists (and passes any validation you wish to add, such as ensuring that it's a relative path to your own site and is a valid page, etc.), redirect the user to that page. If it doesn't exist, redirect to a default page.
Just use forms auth and use the built in ReturnUrl:
Explained: Forms Authentication in ASP.NET 2.0
Cookieless Forms Authentication
ASP.NET 2.0 supports cookieless forms authentication. This feature is
controlled by the cookieless attribute of the forms element. This
attribute can be set to one of the following four values:
UseCookies. This value forces the FormsAuthenticationModule class
to use cookies for transmitting the authentication ticket.
UseUri. This value directs the FormsAuthenticationModule class to
rewrite the URL for transmitting the authentication ticket.
UseDeviceProfile. This value directs the FormsAuthenticationModule
class to look at the browser capabilities. If the browser supports
cookies, then cookies are used; otherwise, the URL is rewritten.
AutoDetect. This value directs the FormsAuthenticationModule class
to detect whether the browser supports cookies through a dynamic
detection mechanism. If the detection logic indicates that cookies are
not supported, then the URL is rewritten.
If your application is configured to use cookieless forms
authentication and the FormsAuthentication.RedirectFromLoginPage
method is being used, then the FormsAuthenticationModule class
automatically sets the forms authentication ticket in the URL. The
following code example shows what a typical URL looks like after it
has been rewritten:
http://localhost/CookielessFormsAuthTest/(F(-k9DcsrIY4CAW81Rbju8KRnJ5o_gOQe0I1E_jNJLYm74izyOJK8GWdfoebgePJTEws0Pci7fHgTOUFTJe9jvgA2))/Test.aspx
Here's the scenario
I have a page lets say login.aspx having a button called login, on click event of that button when I check for the SessionID its shows a specific value for example "A"
Now I am making a call to some external page and that page then calls this page again.
for instance once I click login button I call a twitter app and when user authorizes it, I am redirected back to the same page, but now when I am accessing the SessionID its a new ID.
I have no idea why this is happening, I just want to have the same SessionID
Are you adding any data to the session? You need to do so for the session ID to "stick".
You don't have multiple web servers, do you?
If so, and if you're not using a shared session state provider, you'd tend to see this kind of behaviour.
Edit.
OK, next question...
Is the URL that the Twitter authorisation is returning to using exactly the same domain name?
For example, if your application is running on http://127.0.0.1:1234/ and the return URL is http://localhost:1234/ ?
Edit2: Yes?
When you are redirected back from the Twitter app on 127.0.0.1, the ASP.NET session cookie isn't being passed back to the web server because the domain is different.
You need the domain that the app is running under to match the Twitter callback URL.
Reconfigure the Twitter callback URL to localhost:1234 and I think you should be OK.
I was wondering when a user logs in using the login control for ASP.NET, how do we choose where the user goes after? Do we configure this in the web.config file?
Generally, you go where the user asked to go.
What usually happens is that the user requests to go to a page which requires that he be authenticated. If he's not authenticated, he gets redirected to the login page. That page accepts username and password, and gets him authenticated. It then redirects him to the page he originally requested.
Users may get annoyed with you if they requested to go to page "A" and you send them to page "B".
If the user didn't request a particular page, then he will usually go to Default.aspx. At that point, you might choose a landing page for the user, in whatever manner you like, and redirect to that page.
You can use FormsAuthentication DefaultUrl property or forced redirect user with Response.Redirect(...) after he logged in.
Or just simply allow user continue with his initial request.