When the user clicks on the paybill (secure page) option, he/she is prompted to log-in & then be redirected to the account page. I am using Page.ResolveUrl in the Login_Authenticate method. Once logged in, if the user navigates to any different page on the website & then clicks on paybill again, I check the Identity.IsAuthenticated status in the page load and depending on this I again redirect the user to the account page. I want to know if this is the right way or if there are any best practices for doing this as this involves a lot of server calls. Can I do this functionality using the LoggedInTemplate in the asp:LoginView or Javascript? I have the code for your ref...
protected void Page_Load(object sender, EventArgs e)
{
//to directly link user to account if it's authenticated
var userauth = System.Web.HttpContext.Current.User.Identity.IsAuthenticated;
if (userauth)
{
string urlredirect = Page.ResolveUrl("~/" + SiteConfig.PageMappings["ACCOUNT"]);
Response.Redirect(urlredirect);
Server.TransferRequest(urlredirect);
}
}
You don't need to do both the Redirect and the TransferRequest. Response.Redirect sends a 302 to the browser to tell it to access a new page. Server.TransferRequest causes the request to be handled in a different Page within the existing request. If you're doing authentication, you likely want to scrap the current session and start over, which means just using Response.Redirect. I use Response.Redirect in circumstances like this. I also think it's useful for the user to see they've been redirected to another page for login (as well as being useful for page caching and back/forth navigation in the browser. w.r.t to authentication and login).
Related
In my Asp.Net webpage application when session timeout occurs the page will redirect to the login page and when we login again it goes to the home page.
But I want to redirect to the previously active page (where the session timeout occurs) instead of redirecting to the home page by default.
Is there is any way to achieve this.
Hello you can do following thing
When session expires at that time you can redirect user from that page to logged in page with below query string
Response.Redirect("Login.aspx?url=page.aspx");
Where Page.aspx will be your current page name. you have to write this code on each page's load Event before if(!ispostback) condition.
and at time of logged in button click you can do
if (Request.QueryString["url"] != null)
{
Response.Redirect(Request.QueryString["url"].ToString());
}
after making query for user name and password before your redirect to default page.
I have 2 web applications. webapp1 is running at location say - weblocationlocation1/webapp1/default.aspx
and webapp2 is running at different location say -
weblocationlocation2/webapp2/default.aspx
Now, If I want to call webapp2/default.aspx from webapp1 then how to call.
how to run Page_Load(object sender, EventArgs e) of webapp1 from webapp2/default.aspx.
I have to stay on webapp1/default.aspx in my browser. and still want to load webapp2/default.aspx (ONLY from my code of button clicked). in this case, how to store cookie/session variables. and want to maintain them in webapp1 across all pages.
If you want to do this via a redirect then:
Response.Redirect("weblocationlocation2/webapp2/default.aspx");
Or directly on the server use
Server.Transfer("weblocationlocation2/webapp2/default.aspx");
Or
Server.Execute("weblocationlocation2/webapp2/default.aspx");
The last will return control to the calling method (the second won't).
as described by # Justin Harvey you can use Page_load() method and call Response.redirect method to redirect to your desired web page
You can also use javascript if you want to redirect to your page on event such as button on click
for that you can do following
btn_demo_onClick()
{
window.location = "abc.aspx";
}
it just a complementary option if you want to go with javascript
Thanks
Response.Redirect("default.aspx"); // At URL You will Get the default page as what you are redirecting to.
Server.Transfer("default.aspx"); // At URL You will not Get the default page as what you are redirecting to.
example : If you are logged in Login page then you want to redirect to default page ,then you can use both the above mentioned methods.
I have two pages, a login page and a page1. The user cannot directly navigate to page1 as it contains following code for the pageload event. The user is redirected to the login page.
if (Session["role"] == null)
{
Response.Write("Redirect Not Working");
Response.Redirect("loginpage.aspx");
}
When the user clicks logout on pag1, he/she is redirected to the login page after setting Session["role"]=null. Now on the login page, if the user clicks on the browser back button, he/she is able to navigate to page1. Only in this case Response.Redirect("loginpage.aspx"); in pageload event does not work. Why does it not work? How can I make it work, or how can I prevent the user from accessing page1 in this scenario?
I have been helpless and closed last time by asking it a different way code to detect browser back button click for any(all) browser
Edit In response to answers: The code against the logout button is
protected void btnLogOut_Click(object sender, EventArgs e)
{
Session["role"] = null;
Session.Abandon();
Response.Redirect("login.aspx");
}
The page you're seeing on back may just be a cached version.
The simplest way might be, instead of using response redirect, echo a meta refresh. You need to make sure the session is clear too.
Session.Abandon();
Response.Write("<meta http-equiv='refresh' content='0';URL='loginpage.aspx'>");
Response.End();
If a user hits back they'll hit that page again and be bounced to the URL you want them at. Nothing stopping them from hitting back quickly more than once or choosing Page1 from the history drop down and getting a cached version.
this should definitely work,check your Session["role"],I think its never null
at logout do this
Session.Abandon();
'pageoad is not working' in that case the reason for the page executing doesn't affect the page cycle, the Load event always fires when the page is executed.
So, if the Page_Load doesn't run sometimes, it's because the page is cached and doesn't execute on the server. The page can be cached in the browser, in a router somewhere along the way, or on the server using server side page caching.
If you haven't enabled server side page caching for the page, it's cached in the browser or in the network. You can use cache settings to try to elliminate this:
Response.Cache.SetCacheability(HttpCacheability.NoCache);
This will keep the page from being cached in normal circumstances. (Check also that your browser isn't in offline mode, then it will use anything in the cache regardless of it's cacheability settings.)
Can you try something like this
if (Session["role"] == null)
{
Response.Write("Redirect Not Working");
Response.Redirect("~/loginpage.aspx");
}
MAKE sure to reset the Session["role"] = null at time of logout because this value will persist during web session
It sounds to me like you need to remove the Session["role"] value and set it back to null. When the user logs out I don't think that you are clearing your session values so when they browse back your page load still thinks that they have a valid logged in session.
An easy way to test if this is the case is to put a break point inside the if block past where you check to see Session["role"] == null. If you never hit that breakpoint you know that role is not null and they are still technically "logged in".
I'm new to web development. I have a login.aspx page that has an Asp.Net login control on it. When the users logs in and it successfully authenticates, the page automatically redirects to default.aspx. I assume this is some kind of default behavior?
But, I actually need the login information from the login page in default.aspx.cs. How do I get this information from that context?
In addition, I'm not always going to count on the user successfully logging in with the login control-- If I want to redirect to default.aspx without a login event occurring, how can I do that while also passing the login information being used?
You can call Membership.GetUser() to get the currently-logged-in user.
You can do this sort of thing anywhere in your web app now that the user is authenticated and logged in.
MembershipUser mu = Membership.GetUser();
if (mu.PasswordQuestion == null || mu.PasswordQuestion.Length < 3)
{
Response.Redirect("~/Account/ChangePasswordQuestion.aspx");
}
If you need to get the username only, you can get it like..
HttpContext.Current.User.Identity.Name// it will return current logined username
Otherwise you can put the value in a session variable and then access it in the default page.
Use LoginView control
I have set up the SDK on my FB application but for the life of me cannot work out why the redirection happens.
The app is an IFrame so, for testing I have two pages, on page one a link to page two, when I click the link the whole page is redirecting as opposed to the IFrame src redirecting.
Both pages are checking to see if the user is logged in with the following code..
protected string requiredAppPermissions = "user_about_me,email";
protected FacebookApp fbApp;
protected CanvasAuthorizer authorizer;
protected void Page_Load(object sender, EventArgs e)
{
fbApp = new FacebookApp();
authorizer = new CanvasAuthorizer(fbApp);
authorizer.Perms = requiredAppPermissions;
if (authorizer.Authorize())
{
}
}
I have had a look in source and can see this in the FacebookAppRedirectHttpHandler, I just can't understand why you would want to keep redirecting the full page for every navigation link?
The most important reason is that Facebook passes the authentication to the signed_request to the source on every request. It either does this with a POST in the body or with a GET in the querystring. The reason we do this is because cookies aren't 100% reliable. If we redirected inside the iframe we would have to store the user's session in a cookie. Some browsers, including safari, don't let iframe apps create cookies. There are ways around this, but for most people the way we have it works best. If you want to have a redirect inside the iframe without changing the top url you will have to save the session in some way and pass it to the second page. You could do this by adding it to the querystring (complicated) or storing it in the Session (not very scalable) or using cookies (not reliable).