basically i have 3 pages, log in page, main page and registration page.
My users have 2 access level, admin and User.
Admin can go to registration apge, User can't.
On log in page, there are 2 session, Name and Role.
on page load, I clear both session.
If log in is succeeded, I filled in the values.
My problem is..
I log in as Admin, Session["Name"]="admin"; Session["Role"]="Admin";
I go to main page, then to registration page with hyper link. (enable only for admin)
On registration pageload, I check the role. If it is not access, I redirect to main page.
Every page has logged out hyper link.
I will redirect that link to log in page.
As I clear the session values at the loading of log in page, they are all clear.
When I get to Admin page, I copy the URL.
I log out and log in as someone else with User access.
I go to Main page.
I can't go to registraion page as the hyper link is disable.
But when I paste the URL, it can go to registration page.
Only when I click something, it will redirect to main page as the page_load function is not run at the first time.
Any idea?
From your explaination it seems there is a high chance this is actually the browser caching the page and not sending a request at all. Try to print the username on the page and see if it will change when you hit the url again. You can also use tools like Firebug, IE9 Dev Tools, Fiddler, etc. to see if request is sent.
BTW consider using the Membership and Role providers instead of sticking stuff in session ( http://odetocode.com/articles/427.aspx )
Related
The MSAL library launches the login screen within the chrome browser in the Xamarin.Android app. After logging in successfully, the app redirects to the main page as expected. The below is a snippet of the login code being used:
Microsoft.Identity.Client.AuthenticationResult auth = null;
App.PrepareAuthClient(authType);
string policy = App.SignInPolicyB2C;
string authority = App.AuthoritySignInB2C;
(...)
auth = await App.AuthenticationClient.AcquireTokenAsync(
App.ApiScope,
GetUserByPolicy(App.AuthenticationClient.Users, policy),
App.UiParent);
However, the issue occurs after logging out. Once we log out and then try to log back in, instead of the chrome browser displaying the login page to input the username and password, it will automatically log the user in and redirect them to the main page without even loading the login page. The browser simply opens up and loads for a few seconds and then redirects the user to the main page successfully logging them in even after having a user explicitly log out.
We tried adding prompt = force login but that didn't seem to help. The only way the user gets the login page again is after we manually clear the chrome browser cache.
Is there a way to clear the cache upon signing out? Or is there another way to force the browser to display the login page even if there is cache information?
I have two pages in my application.
One is for Login User say Default.asp and
Other for SingleSignon say sso.aspx
If the user comes through the single sign on and session expires to redirected to Default.aspx where user can enter username and password and click login.
I want to show different panel on default.aspx page if user comes though SSO page.
I tried to created cookies but know success. As I have to check cookies on the page load and also set it on page load and hide the panel accordingly.
Can I use Session_Start and check and set a cookie weather it is coming from SSO page or default page or there is a different way of doing this.
As you are using the ASP.NET you can use the following two options in Page Load.
Option : 1
Request.ServerVariables["HTTP_REFERER"]
Although note on the above it is possible for browsers to block the value (empty value).
Option : 2
You can check the Request.UrlReferrer of the current HttpRequest: it will usually contain the page from where the user is coming from (depends on the browser, though).
Reference:
how do I determine where the user came from in asp.net?
https://msdn.microsoft.com/en-us/library/system.web.httprequest.urlreferrer%28v=vs.110%29.aspx
Session_Start event is not suitable for these kind of things. Session_start runs when a user first enters in your applications, think it like the first page load.
You can use a query string parameter to determine where the user redirected from.
For example, if user redirected from sso.aspx to default.aspx, use url like that :
default.aspx?previouspage=sso
then, check the previouspage query string parameter at default.aspx, to show or hide your panel.
Im developing an asp.net application and trying to get authorization to work. When I first start my website I want to see login page and then depending what's the name of the user, I want to bring them to appropriate page eg when login succeed as doctor -- redirect to Doctor.aspx, when login authorization succeeded as secretary -- go to secretary page. I tried doing it with web administration using "Manage access rules" but once login passes it just redirects me default.aspx (which doesn't exist). How do I redirect it depending on who's the user ? This is the structure of my directory
You can create like this
string redirecturl;
if(ds.Tables[0].Rows[0]["UserRole"].ToString()=="Secretary")
redirecturl="Secretery/index.aspx";
if(ds.Tables[0].Rows[0]["UserRole"].ToString()=="Doctor")
redirecturl="Doctor/index.aspx";
That's one way. Also this article might be helpful for you.
I'm working in a WEB project based on ASP.NET and C#. It's not a new project, I'm just fixing some bugs and making some updates.
The website works like, if you're not logged in and write a url depending on the website, it redirects you to the login page. Then, if you login successfully, it redirects you to the opening page.
For instance, let's say "opening.aspx" is the opening page and "vendors.aspx" is another page in the website. If you write "..../projectname/vendors.aspx" to the browser, you're redirected to "..../projectname/login.aspx", then after your login you're redirected to "..../projectname/opening.aspx"
Now, my aim is to redirect the user to the url he wrote, in this example "..../projectname/vendors.aspx" after the successful login. I wrote the code to take the previous page and after the login redirect the user to that page. However, I cannot detect the page which the user tried to enter at the first time. I'm not sure if the project sends the user to the login page with some codes written by the previous programmers or if this is an automatic stuff of asp.net about the default page. While debugging, I always see the requested page as the login page even though I write some other page url to the browser.
What I'm looking for is the place where the requested page is changed into login page instead of the url I wrote. Is this an automatic stuff or should I look for it in the code? If I should look for it in the code, where to look?
Note: The project is based on 3-Tier architecture, with WEB, BUS, DAL and COM layers and WEB pages use user controls in every page instead of login and default.
Typically when asp.net redirects it puts the requested page in the url in the ReturnUrl querystring parameter. You should be able to do something like...
if (Request.QueryString["ReturnUrl"] != null)
Response.Redirect(Request.QueryString["ReturnUrl"]);
If you need to do something special, you could store the original page that is in ReturnUrl in something like session or in the database and then redirect after your opening page or what not.
i think u should use cookies and seesion when user logged in user detail saved in cookies
and next time when user enter the url u can check it on masterpage of that pages that cookies are available or not if details available then shoe current url page otherwise redirect on login page
I was wondering when a user logs in using the login control for ASP.NET, how do we choose where the user goes after? Do we configure this in the web.config file?
Generally, you go where the user asked to go.
What usually happens is that the user requests to go to a page which requires that he be authenticated. If he's not authenticated, he gets redirected to the login page. That page accepts username and password, and gets him authenticated. It then redirects him to the page he originally requested.
Users may get annoyed with you if they requested to go to page "A" and you send them to page "B".
If the user didn't request a particular page, then he will usually go to Default.aspx. At that point, you might choose a landing page for the user, in whatever manner you like, and redirect to that page.
You can use FormsAuthentication DefaultUrl property or forced redirect user with Response.Redirect(...) after he logged in.
Or just simply allow user continue with his initial request.