I was wondering when a user logs in using the login control for ASP.NET, how do we choose where the user goes after? Do we configure this in the web.config file?
Generally, you go where the user asked to go.
What usually happens is that the user requests to go to a page which requires that he be authenticated. If he's not authenticated, he gets redirected to the login page. That page accepts username and password, and gets him authenticated. It then redirects him to the page he originally requested.
Users may get annoyed with you if they requested to go to page "A" and you send them to page "B".
If the user didn't request a particular page, then he will usually go to Default.aspx. At that point, you might choose a landing page for the user, in whatever manner you like, and redirect to that page.
You can use FormsAuthentication DefaultUrl property or forced redirect user with Response.Redirect(...) after he logged in.
Or just simply allow user continue with his initial request.
Related
I have two pages in my application.
One is for Login User say Default.asp and
Other for SingleSignon say sso.aspx
If the user comes through the single sign on and session expires to redirected to Default.aspx where user can enter username and password and click login.
I want to show different panel on default.aspx page if user comes though SSO page.
I tried to created cookies but know success. As I have to check cookies on the page load and also set it on page load and hide the panel accordingly.
Can I use Session_Start and check and set a cookie weather it is coming from SSO page or default page or there is a different way of doing this.
As you are using the ASP.NET you can use the following two options in Page Load.
Option : 1
Request.ServerVariables["HTTP_REFERER"]
Although note on the above it is possible for browsers to block the value (empty value).
Option : 2
You can check the Request.UrlReferrer of the current HttpRequest: it will usually contain the page from where the user is coming from (depends on the browser, though).
Reference:
how do I determine where the user came from in asp.net?
https://msdn.microsoft.com/en-us/library/system.web.httprequest.urlreferrer%28v=vs.110%29.aspx
Session_Start event is not suitable for these kind of things. Session_start runs when a user first enters in your applications, think it like the first page load.
You can use a query string parameter to determine where the user redirected from.
For example, if user redirected from sso.aspx to default.aspx, use url like that :
default.aspx?previouspage=sso
then, check the previouspage query string parameter at default.aspx, to show or hide your panel.
Im developing an asp.net application and trying to get authorization to work. When I first start my website I want to see login page and then depending what's the name of the user, I want to bring them to appropriate page eg when login succeed as doctor -- redirect to Doctor.aspx, when login authorization succeeded as secretary -- go to secretary page. I tried doing it with web administration using "Manage access rules" but once login passes it just redirects me default.aspx (which doesn't exist). How do I redirect it depending on who's the user ? This is the structure of my directory
You can create like this
string redirecturl;
if(ds.Tables[0].Rows[0]["UserRole"].ToString()=="Secretary")
redirecturl="Secretery/index.aspx";
if(ds.Tables[0].Rows[0]["UserRole"].ToString()=="Doctor")
redirecturl="Doctor/index.aspx";
That's one way. Also this article might be helpful for you.
I'm working in a WEB project based on ASP.NET and C#. It's not a new project, I'm just fixing some bugs and making some updates.
The website works like, if you're not logged in and write a url depending on the website, it redirects you to the login page. Then, if you login successfully, it redirects you to the opening page.
For instance, let's say "opening.aspx" is the opening page and "vendors.aspx" is another page in the website. If you write "..../projectname/vendors.aspx" to the browser, you're redirected to "..../projectname/login.aspx", then after your login you're redirected to "..../projectname/opening.aspx"
Now, my aim is to redirect the user to the url he wrote, in this example "..../projectname/vendors.aspx" after the successful login. I wrote the code to take the previous page and after the login redirect the user to that page. However, I cannot detect the page which the user tried to enter at the first time. I'm not sure if the project sends the user to the login page with some codes written by the previous programmers or if this is an automatic stuff of asp.net about the default page. While debugging, I always see the requested page as the login page even though I write some other page url to the browser.
What I'm looking for is the place where the requested page is changed into login page instead of the url I wrote. Is this an automatic stuff or should I look for it in the code? If I should look for it in the code, where to look?
Note: The project is based on 3-Tier architecture, with WEB, BUS, DAL and COM layers and WEB pages use user controls in every page instead of login and default.
Typically when asp.net redirects it puts the requested page in the url in the ReturnUrl querystring parameter. You should be able to do something like...
if (Request.QueryString["ReturnUrl"] != null)
Response.Redirect(Request.QueryString["ReturnUrl"]);
If you need to do something special, you could store the original page that is in ReturnUrl in something like session or in the database and then redirect after your opening page or what not.
i think u should use cookies and seesion when user logged in user detail saved in cookies
and next time when user enter the url u can check it on masterpage of that pages that cookies are available or not if details available then shoe current url page otherwise redirect on login page
My iis folder structure is like
Default Web Site---->online and Accessing with www.sitename.com/online
Default Web Site---->trade and Accessing with www.sitename.com/trade
Default Web Site---->private and Accessing with www.sitename.com/private
Here the login page is residing inside "Default Web Site---->trade/Login.aspx".When user enter
www.sitename.com/online or www.sitename.com/private or www.sitename.com/trade he/she will be redirecting to the url www.sitename.com/trade/Login.aspx.
So my need is when user enter "www.sitename.com/online" he/she should remain in the same URL as www.sitename.com/online and not "www.sitename.com/trade/Login.aspx".So how can i maintain the URL that user entered.
Thanks,
Joby
Best way to do this is pass a parameter w/ original url in your redirect to login page, and then have login redirect you back to that original url
Location: http://example.com/login?ref=http%3A%2F%2Fexample.com%2Ffoo
Then after login, you read "ref" parameter and do a location redirect back.
If you are using built-in membership provider, then you may use [Authorize] attribute, that has an functionality to redirect the user to original page, after user gets authenticated system will automatically redirect the user to requested page.
Or you may try following solution:
Something like this:
www.sitename.com/trade/Login.aspx?ReturnUrl=http%3A%2F%2Fsitemap.com%2Fonline
After user gets authenticated, you may redirect the user to requested page.
Response.Redirect(Request.QueryString["ReturnUrl"]);
Consider using MVC or at least routing portion of it with ASPX pages to render views. This way you can have any Urls you want unrelated to physical file names.
Users rarely enter any urls... and I'm not really sure anyone cares as long as Url makes some sence (or complete noncense). So I think it is perfectly ok to render login page at something like /login and than redirect back to originating page. You can save original url in query string (as #chovy suggests) or hidden element on the page if login never leaves your site. If login leaves your site (i.e. for OAuth authentication) thatn session state or cookies may be place to store return Url.
basically i have 3 pages, log in page, main page and registration page.
My users have 2 access level, admin and User.
Admin can go to registration apge, User can't.
On log in page, there are 2 session, Name and Role.
on page load, I clear both session.
If log in is succeeded, I filled in the values.
My problem is..
I log in as Admin, Session["Name"]="admin"; Session["Role"]="Admin";
I go to main page, then to registration page with hyper link. (enable only for admin)
On registration pageload, I check the role. If it is not access, I redirect to main page.
Every page has logged out hyper link.
I will redirect that link to log in page.
As I clear the session values at the loading of log in page, they are all clear.
When I get to Admin page, I copy the URL.
I log out and log in as someone else with User access.
I go to Main page.
I can't go to registraion page as the hyper link is disable.
But when I paste the URL, it can go to registration page.
Only when I click something, it will redirect to main page as the page_load function is not run at the first time.
Any idea?
From your explaination it seems there is a high chance this is actually the browser caching the page and not sending a request at all. Try to print the username on the page and see if it will change when you hit the url again. You can also use tools like Firebug, IE9 Dev Tools, Fiddler, etc. to see if request is sent.
BTW consider using the Membership and Role providers instead of sticking stuff in session ( http://odetocode.com/articles/427.aspx )