Need to add re-direct code to .aspx page
Dear Experts,
My company uses an application which we don’t' have the .Net project files (source code) for. I need to make a tweak to the login page (login.aspx) which requires that the HTTP_REFERRER be from a particular URL. Is there a way I can add code that would accomplish this? I'd like to re-direct any user who doesn’t come to the login page via a particular URL.
Thanks!
My company uses an application which we don’t' have the .Net project files (source code) for. I need to make a tweak to the login page (login.aspx) which requires that the HTTP_REFERRER be from a particular URL. Is there a way I can add code that would accomplish this? I'd like to re-direct any user who doesn’t come to the login page via a particular URL.
Thanks!
Last Comment
ASKER
NauticalNonsense,
Thanks for the info. Since I don't have access to the application files, I was hopeing I could do something in html in login.aspx like:
<%
if (Request.ServerVariables("
Response.Redirect("dead.as
else
Response.Redirect("login.a
%>
Sorry, I'm a vb guy. What do you think?
Thanks for the info. Since I don't have access to the application files, I was hopeing I could do something in html in login.aspx like:
<%
if (Request.ServerVariables("
Response.Redirect("dead.as
else
Response.Redirect("login.a
%>
Sorry, I'm a vb guy. What do you think?
Yep... what you have there is basically exactly the same thing I have. Should work like a charm.
Realize, that your Login page can be accessed directly without going through your transfer page. That's unfortunately the nature of not having the source files.
If you do a Server.Transfer, the page will not reload, but look like your source page. So for example, say your transfer page is Default.aspx where you are checking the referer. If you do a Server.Transfer, the address bar should remain as Default.aspx. If you do a resp.redir, it'll show the Login.aspx page.
Realize, that your Login page can be accessed directly without going through your transfer page. That's unfortunately the nature of not having the source files.
If you do a Server.Transfer, the page will not reload, but look like your source page. So for example, say your transfer page is Default.aspx where you are checking the referer. If you do a Server.Transfer, the address bar should remain as Default.aspx. If you do a resp.redir, it'll show the Login.aspx page.
ASKER
NauticalNonsense,
OK, there is one thing I don't understand. If I add the following code:
<%
if (Request.ServerVariables("
Server.Transfer("NoAccess.
else
Server.Transfer("login.asp
%>
To the application's original login page whcih is 'login.aspx', then how could this page be accessed directly?
MyLogin.aspx = New (door #1) login page
NoAccess.aspx = Where the user will sent if 1st login is not authenticated.
Login.aspx = The application's (I don't have source code) login page.
Here is the workflow:
MyLogin.aspx --- (if athenticated, re-direct to) ----> Login.aspx (otherwise re-direct to NoAcess.aspx)
On other words, the user has to go through two doors in order to access the application. How can he access login.aspx directly if I've added the above code?
Sorry if I'm missing something or have not been clear on my info.
Thanks
OK, there is one thing I don't understand. If I add the following code:
<%
if (Request.ServerVariables("
Server.Transfer("NoAccess.
else
Server.Transfer("login.asp
%>
To the application's original login page whcih is 'login.aspx', then how could this page be accessed directly?
MyLogin.aspx = New (door #1) login page
NoAccess.aspx = Where the user will sent if 1st login is not authenticated.
Login.aspx = The application's (I don't have source code) login page.
Here is the workflow:
MyLogin.aspx --- (if athenticated, re-direct to) ----> Login.aspx (otherwise re-direct to NoAcess.aspx)
On other words, the user has to go through two doors in order to access the application. How can he access login.aspx directly if I've added the above code?
Sorry if I'm missing something or have not been clear on my info.
Thanks
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I disagree. Answered the question and gave him the work around to do what was needed.
ASP.NET
The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications
128K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
1.) rename Login.aspx (existing) to User.aspx
Create Login.aspx
Codebehind
Page Load
if (Request.ServerVariables["
{
// redirect to dead page
}
else
{
Server.Transfer("User.aspx
}
Granted, if someone went to User.aspx, there's no check, but you don't have the source code to Login.aspx.
The other thing that you could do is create a new login page in the application. Edit the web.config file and turn the tracing on.... after you log in, see what session variables it's setting (if it does it session based), and mimick them on your own login page. If it's forms authentication, then you can just do your own forms auth, and the app should behave as normal.
Just some thoughts...